Видео Keynote | Memory Safe Languages Won't Save You

[varwar]

If you listen to all the experts, memory safe languages are the future of cybersecurity. But looking at the modern threat landscape, we see less memory bugs being exploited, even in code written in legacy unsafe languages. Are memory safe languages going to fix all security problems (hint: no)? Are they completely useless (hint: also no)? And what should we expect to see from threat actors going forward?

 

[voldemort]

Логические ошибки вместо ошибок памяти, так что вот: уязвимости — как болезни, мы никогда не освободимся от них

 

[shrekushka]

Bottom line: ofcourse memsafe lang aren’t a magic cure but suggesting that we pivot away from them + cast doubt on their importance because “logic bugs exist” is an egregious oversimplification. Her argument is full of short sighted leaps, conflations+ a smattering of anecdotal “gotchas” that fail to undermine the fundamental value of memsafety in securing contemporary software.
And she celebrates old school injection flaws / default cred disasters in memsafe products as a “gotcha” overlooking that these are glaring but orthogonal mistakes that no compiler + type system could ever magically fix.