Kostya Serebryany
Keeping C++ insanity at bay: AddressSanitizer, libFuzzer, OSS-Fuzz, Control Flow Integrity. Views are my own. Tweets are not only about tech.
291 Tweets
527 Following
2,817 Followers
Tweets
Kostya Serebryany retweeted
Dmitry Vyukov Feb 5
Replying to @dwizzzleMSFT
I am removing "Intro to our team work" slide from my later talk. did it well: LibFuzzer, syzkaller and ASan, all at one slide as a base of Microsoft Risk Detection Platform )
Kostya Serebryany Feb 4
Android () enables stack auto-init for userspace! Wohoo! Kudos to for the Clang implementation.
Kostya Serebryany Feb 4
I had a privilege to work with Vlad for 2.5 years. You won't regret hiring him in any capacity.
Kostya Serebryany retweeted
Heather Adkins Feb 4
Security and reliability go hand in hand and must be inherent properties of the system. Check out this awesome new book coming in April 2020.
Kostya Serebryany Feb 2
Replying to @bsdaemon
MPX has harmed a lot because at first it created perception that the problem is solved and then it created perception that no such HW solution can be adopted. Combined, this probably delayed memory tagging by a decade.
Kostya Serebryany retweeted
Rodrigo Branco Feb 1
Boom. Bad technology from the beginning. Even trying to force adoption by spending millions implementing support, no real adoption. Consequences to the career-based decision making process inside the company? Zero. The promoted person remains promoted ;)
Kostya Serebryany Jan 30
HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. HWASAN is also available on Aarch64 Linux with a recent kernel.
Kostya Serebryany retweeted
nedwill Jan 29
Excited to start the new year with CVE-2020-3842 :) It's a fun one and unlike the other bugs I reported so far so I'm looking forward to (responsibly) disclosing it.
Kostya Serebryany retweeted
Dmitry Vyukov Jan 28
I am impressed by testing approach, breadth, methodology and investment: It's very important that there are OSS projects that set such examples. There is always something to improve, but I think nobody will object that that's good level of testing
Kostya Serebryany retweeted
Brad Fitzpatrick Jan 27
"An update on bradfitz" After ~12.5 years at Google and ~10 years working on Go, it's time for me to do something new. Tomorrow is my last day at Google. 👋 I'll still be involved with but less, and differently. More:
Kostya Serebryany retweeted
Chris Lattner Jan 27
I am super excited to join today, leading the software team that builds tooling to enable 'silicon at the speed of software'. Chip design is challenging, and needs open tools that are well designed, easy to use, and state of the art. More at:
Kostya Serebryany retweeted
Dmitry Vyukov Jan 27
What I'm thinking reading this sad story of crit remote vuln introduced into all LTS kernels and still unfixed (now in your kernel)- this "forgot to release lock" is mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n
Kostya Serebryany retweeted
Dmitry Vyukov Jan 20
Always wanted to be the first to support structured fuzzing as first-class citizen: func FuzzRegexp(f *testing.F, re string, data []byte, posix bool) {...} But it is! Glad it's slowly moving to industry standard. Maybe it will urge Go :)
Kostya Serebryany retweeted
Matt Miller Jan 16
Great in-depth analysis of many of the changes that have been made thus far to support CET on Windows Looking forward to the future of CET capable CPUs :)
Kostya Serebryany retweeted
Andrey Konovalov Jan 16
Nice talk about CFI in the Linux kernel by Slides: Video:
Kostya Serebryany retweeted
SAFECode Jan 15
Worried about C/C++ memory safety? (Hint: You probably should be) SAFECode contributor takes to the SAFECode blog to provide an overview of extensions that can help.
Kostya Serebryany Jan 10
"... memory tagging can be defeated if the attacker gets enough attempts" -- yes! We have some time before the actual memory tagging hardware to ensure that we don't give the attacker enough attempts
Kostya Serebryany retweeted
Dmitry Vyukov Jan 9
Another "nice" kernel bug that literally allows to write any memory on the machine by any user (you just give kernel any exact physical or virtual address): Again, killed before making it into any release:
Kostya Serebryany retweeted
Bhargava Shastry Jan 3
Bug found after custom mutations were introduced. Said bug was not found by random mutations during several months of continuous fuzzing even with a pretty solid seed corpus. tl;dr: please don't take randomness for granted.
Kostya Serebryany Dec 25
Replying to @blelbach @rinat_s
Yep!