undefined | Better HN

0 pointsWmyEE0UsWAwC2i4y ago0 comments

I agree with the sentiment. For a project of this magnitude maybe it comes to develop some kind of static analysis along with refactoring the code to make the former possible.

As per the attack surface described in the paper (section IV). Because (III, the acceptance process) is a manpower issue.

0 comments

spullara4y ago

Ironically, one of their attempts were submitting changes that were allegedly recommended by a static analysis tool.

rjmunro4y ago

It's possible that they are developing a static analysis tool that is designed to find places where vulnerabilities can be inserted without looking suspicious. That's kind of scary.

Have they submitted patches to any projects other than the kernel?

spullara4y ago

Guess we have to wait for their next paper to find out.

j / k navigate · click thread line to collapse

0 pointsWmyEE0UsWAwC2i4y ago0 comments

I agree with the sentiment. For a project of this magnitude maybe it comes to develop some kind of static analysis along with refactoring the code to make the former possible.

As per the attack surface described in the paper (section IV). Because (III, the acceptance process) is a manpower issue.

0 comments

spullara4y ago

Ironically, one of their attempts were submitting changes that were allegedly recommended by a static analysis tool.

rjmunro4y ago

It's possible that they are developing a static analysis tool that is designed to find places where vulnerabilities can be inserted without looking suspicious. That's kind of scary.

Have they submitted patches to any projects other than the kernel?

spullara4y ago

Guess we have to wait for their next paper to find out.

j / k navigate · click thread line to collapse