Forum - Microsoft: 70 Percent of All Security Bugs Are Memory Safety Issues
News Fetcher
Joined: Oct 24 2009
Last Active: Never/Not tracked
Total Active: Never/Not tracked
Timezone: GMT+ -7
143385 posts
Last Page Viewed:
Post 154396       February 11 '19 at 12:31 PM
By msmash from Slashdot's closer-look department:
Around 70 percent of all the vulnerabilities in Microsoft products addressed through a security update each year are memory safety issues; a Microsoft engineer revealed last week at a security conference. From a report: Memory safety is a term used by software and security engineers to describe applications that access the operating system's memory in a way that doesn't cause errors. Memory safety bugs happen when software, accidentally or intentionally, accesses system memory in a way that exceeds its allocated size and memory addresses. Users who often read vulnerability reports come across terms over and over again. Terms like buffer overflow, race condition, page fault, null pointer, stack exhaustion, heap exhaustion/corruption, use after free, or double free -- all describe memory safety vulnerabilities. Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.