Retrofitting Spatial Safety to Hundreds of Millions of Lines of C++
Based on an analysis of in-the-wild exploits tracked by Google’s Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade[…]
[…]
A key element of our strategy focuses on Safe Coding and using memory-safe languages in new code.
[…]
However, this transition will take multiple years as we adapt our development practices and infrastructure. Ensuring the safety of our billions of users therefore requires us to go further: we’re also retrofitting secure-by-design principles to our existing C++ codebase wherever possible.
[…]
Hardened libc++, recently added by open source contributors, introduces a set of security checks designed to catch vulnerabilities such as out-of-bounds accesses in production. […] Hardening libc++ resulted in an average 0.30% performance impact across our services (yes, only a third of a percent).
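As an added illustration (not code from the quoted post or from libc++), the sketch below models the kind of bounds check a hardened `operator[]` performs: an out-of-range index stops the process deterministically instead of reading adjacent memory. `hardened_at` and `traps` are hypothetical helpers; in libc++ itself the checks are enabled at build time through `_LIBCPP_HARDENING_MODE` (for example `-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST`). The sketch assumes a POSIX system and GCC or Clang.

```cpp
#include <cstddef>
#include <cstdio>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>

// Hypothetical helper (assumption, not a libc++ API): index into a container
// with a precondition check that traps on violation, as a hardened accessor would.
template <class Container>
auto& hardened_at(Container& c, std::size_t i) {
    if (i >= c.size()) __builtin_trap();  // fail fast; never touch memory past the end
    return c[i];
}

// Runs f in a child process and reports whether the child died from a signal,
// so the trap can be observed without killing the calling process.
template <class F>
bool traps(F f) {
    pid_t pid = fork();
    if (pid < 0) return false;            // fork failed: nothing observed
    if (pid == 0) { f(); _exit(0); }      // child: exits cleanly if no trap fired
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status);
}

// Constructed sample data: a three-element vector, valid indices 0..2.
bool in_bounds_read_survives() {
    std::vector<int> v{10, 20, 30};
    return !traps([&] { volatile int x = hardened_at(v, 2); (void)x; });
}

// Classic off-by-one: index == size() is one element past the end.
bool out_of_bounds_read_traps() {
    std::vector<int> v{10, 20, 30};
    return traps([&] { volatile int x = hardened_at(v, v.size()); (void)x; });
}

int main() {
    std::printf("in-bounds read survives: %d\n", in_bounds_read_survives());
    std::printf("out-of-bounds read traps: %d\n", out_of_bounds_read_traps());
    return 0;
}
```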