Majority of Critical Open Source Projects Contain Memory Unsafe Code

www.infosecurity-magazine.com Majority of Critical Open Source Projects Contain Memory Unsafe Code

A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities


2 comments
  • The fuck are you on about

    The headline is not what the article says at all

    written in a memory-unsafe language

    The report concluded that most critical open source projects potentially contain memory safety vulnerabilities. This is a result of direct use of memory unsafe languages or external dependency on projects that use memory-unsafe languages.

    Emphasis on “potentially” is mine

    Quite a lot more than 55% of projects have an external dependency on projects that use memory unsafe languages. Aside from a certain amount of Go or Rust projects that manage to avoid any dependency that drops down into C to expose some library at some point, I think it’s all of them.