by _vvhw
1347 days ago
It's defense-in-depth. We use what we have available, according to the context: checksums, assertions, hash chains. You can't always use every technique. But anything that can possibly be verified online, we do. Buffer bleeds also terrify me. In fact, I worked on static analysis tooling to detect zero-day buffer bleed exploits in the Zip file format [1]. However, to be clear, the heart of a bleed is a logic error, and therefore even memory-safe languages such as JavaScript can be vulnerable.

[1] https://news.ycombinator.com/item?id=31852389
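To illustrate the comment's point that a bleed is a logic error rather than a memory-safety bug, here is an added example (not code from the commenter or their project). The one-byte length-prefixed wire format, the function names and the sample secret are all constructed for this sketch.

```javascript
// Constructed example: a toy "echo" service that reuses one scratch buffer.
// Assumed wire format for this sketch: [1-byte declared length][payload].
const scratch = new Uint8Array(64); // shared across requests, never cleared

const encode = (s) => new TextEncoder().encode(s);
const decode = (b) => new TextDecoder().decode(b);

// Build a request whose declared length may disagree with the real payload.
function makeRequest(payload, declaredLen) {
  const bytes = encode(payload);
  const msg = new Uint8Array(1 + bytes.length);
  msg[0] = declaredLen === undefined ? bytes.length : declaredLen;
  msg.set(bytes, 1);
  return msg;
}

// Vulnerable: trusts the declared length, so the reply can carry stale bytes
// left in `scratch` by an earlier request. Every access stays in bounds.
function echoVulnerable(msg) {
  const declared = msg[0];
  scratch.set(msg.subarray(1), 0);
  return scratch.slice(0, declared);
}

// Hardened: the declared length must match the bytes actually received
// (the assertion), and the reply is copied from the request itself.
function echoHardened(msg) {
  const declared = msg[0];
  const payload = msg.subarray(1);
  if (declared !== payload.length) {
    throw new RangeError(`declared ${declared} bytes, received ${payload.length}`);
  }
  return payload.slice();
}

// Request 1 carries another user's data; request 2 over-declares its length.
function demo() {
  echoVulnerable(makeRequest("token=s3cr3t-from-user-A"));
  const leaked = decode(echoVulnerable(makeRequest("hi", 24)));
  let rejected = false;
  try {
    echoHardened(makeRequest("hi", 24));
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  return { leaked, rejected };
}
```

The vulnerable handler never reads out of bounds, which is why a memory-safe runtime does not stop it; only the length check does.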