『The NSA Tips: Software Memory Safety』のカバーアート

The NSA Tips: Software Memory Safety

National Security Agency April 2023

プレビューの再生

聴き放題対象外タイトルです。Audible会員登録で、非会員価格の30%OFFで購入できます。

¥630で会員登録し購入
無料体験で、20万以上の対象作品が聴き放題に
アプリならオフライン再生可能
プロの声優や俳優の朗読も楽しめる
Audibleでしか聴けない本やポッドキャストも多数
無料体験終了後は月額¥1,500。いつでも退会できます。

The NSA Tips: Software Memory Safety

著者: National Security Agency
ナレーター: Tom Brooks
¥630で会員登録し購入

無料体験終了後は月額¥1,500。いつでも退会できます。

¥900 で購入

¥900 で購入

注文を確定する
下4桁がのクレジットカードで支払う
ボタンを押すと、Audibleの利用規約およびAmazonのプライバシー規約同意したものとみなされます。支払方法および返品等についてはこちら
キャンセル

このコンテンツについて

Modern society relies heavily on software-based automation, implicitly trusting developers to write software that operates in the expected way and cannot be compromised for malicious purposes. While developers often perform rigorous testing to prepare the logic in software for surprising conditions, exploitable software vulnerabilities are still frequently based on memory issues. Examples include overflowing a memory buffer and leveraging issues with how software allocates and de-allocates memory.

Microsoft® revealed at a conference in 2019 that from 2006 to 2018 70 percent of their vulnerabilities were due to memory safety issues. [1] Google® also found a similar percentage of memory safety vulnerabilities over several years in Chrome®. [2] Malicious cyber actors can exploit these vulnerabilities for remote code execution or other adverse effects, which can often compromise a device and be the first step in large-scale network intrusions.

Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references. Simple mistakes can lead to exploitable memory-based vulnerabilities. Software analysis tools can detect many instances of memory management issues and operating environment options can also provide some protection, but inherent protections offered by memory safe software languages can prevent or mitigate most memory management issues.

NSA recommends using a memory safe language when possible. While the use of added protections to non-memory safe languages and the use of memory safe languages do not provide absolute protection against exploitable memory issues, they do provide considerable protection. Therefore, the overarching software community across the private sector, academia, and the U.S. Government have begun initiatives to drive the culture of software development towards utilizing memory safe languages. [3] [4] [5]

©2023 Tom Brooks (P)2023 Tom Brooks
プログラミング言語

The NSA Tips: Software Memory Safetyに寄せられたリスナーの声

カスタマーレビュー:以下のタブを選択することで、他のサイトのレビューをご覧になれます。