Programming board - Who wants to rewrite popular FOSS in Rust? Google is paying
h****e
Posts: 2125
1
Memory-safety vulnerabilities have dominated the security field for years
and often lead to issues that can be exploited to take over entire systems.
A recent study found that "~70% of the vulnerabilities addressed through a
security update each year continue to be memory safety issues." Another
analysis on security issues in the ubiquitous `curl` command line tool
showed that 53 out of 95 bugs would have been completely prevented by using
a memory-safe language.

Software written in unsafe languages often contains hard-to-catch bugs that
can result in severe security vulnerabilities, and we take these issues
seriously at Google. That’s why we’re expanding our collaboration with the
Internet Security Research Group to support the reimplementation of
critical open-source software in memory-safe languages. We previously worked
with the ISRG to help secure the Internet by making TLS certificates
available to everyone for free, and we're looking forward to continuing to
work together on this new initiative.

It's time to start taking advantage of memory-safe programming languages
that prevent these errors from being introduced. At Google, we understand
the value of the open source community and in giving back to support a
strong ecosystem.

To date, our free OSS-Fuzz service has found over 5,500 vulnerabilities
across 375 open source projects caused by memory safety errors, and our
Rewards Program helps encourage adoption of fuzzing through financial
incentives. We've also released other projects like Syzkaller to detect bugs
in operating system kernels, and sandboxes like gVisor to reduce the impact
of bugs when they are found.

The ISRG's approach of working directly with maintainers to support
rewriting tools and libraries incrementally falls directly in line with our
perspective here at Google.

The new Rust-based HTTP and TLS backends for curl and now this new TLS
library for Apache httpd are an important starting point in this overall
effort. These codebases sit at the gateway to the internet and their
security is critical in the protection of data for millions of users
worldwide.

We'd like to thank the maintainers of these projects for working on such
widely-used and important infrastructure, and for participating in this
effort.

We're happy to be able to support these communities and the ISRG to make the
Internet a safer place. We appreciate their leadership in this area and we
look forward to expanding this program in 2021.

Open source security is a collaborative effort. If you're interested in
learning more about our efforts, please join us in the Securing Critical
Projects Working Group of the Open Source Security Foundation.