Tag Archives: cybersecurity

Bruce Dawson on compiler bugs
Pascal Cuoq on 21 October 2013

Bruce Dawson has written a superb blog post on a Visual C++ compiler bug (now fixed) covering every aspect an essay on compiler bugs should cover. I really like one section that I am going to quote in full: Security In these paranoid days of the NSA subverting every computer...

Read More

The case for formal verification of existing software
Pascal Cuoq on 2 September 2013

Perry E. Metzger takes a look at formal verification [removed dead link]. This is good stuff; there is a lot to agree with here. However agreeing with Perry's post alone would not make a very interesting counterpoint. If agreeing was the only thing I intended to do I might even...

Read More

Microsoft's bug bounty program
Pascal Cuoq on 19 June 2013

I like Robert Graham's analysis on Microsoft's new bug bounty program. I would never have thought of selling vulnerabilities to the NSA (but then I am not American and not a security researcher). Does the NSA not employ qualified people to look for vulnerabilities as their day job? Is that...

Read More

Attack by Compiler
Pascal Cuoq on 20 May 2013

The title of this post, “Attack by Compiler”, has been at the back of my mind for several weeks. It started with a comment by jduck on a post earlier this year. The post's topic, the practical undefinedness of reading from uninitialized memory, and jduck's comment, awakened memories from a...

Read More

Google forking WebKit
Pascal Cuoq on 4 April 2013

Blink as seen from the inside As you have undoubtedly heard if you follow at all this sort of thing, as of April 3, Google is forking WebKit. Its Chrome browser will henceforth rely on its own variation of the popular rendering engine, Blink. This is big news. If I...

Read More