Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/fugueish/statuses/111535424751017705">fugueish (fugueish@infosec.exchange)'s status on Thursday, 07-Dec-2023 05:57:55 JST</a><a href="https://infosec.exchange/@fugueish" title="fugueish@infosec.exchange"><img src="https://gnusocial.jp/avatar/88807-48-20231226194958.webp" width="48" height="48" alt="fugueish" style="position: absolute; left: 0; top: 0;">fugueish</a><div><a href="https://infosec.exchange/@fugueish/111535405240017213" rel="in-reply-to">in reply to</a></div></section><article><p>In part, this is because they are planning for the post-memory-unsafety future. (See e.g. <a href="https://www.youtube.com/watch?v=mi6ZLmrXNP0" rel="nofollow noreferrer">https://www.youtube.com/watch?v=mi6ZLmrXNP0</a>)</p><p>But vendors are still addicted to their ability to dump these externalities onto customers. It's 'expensive' to move away from C/C++ in exposed attack surface — but only because the existing costs are externalized.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2421710#notice-4786949">In conversation</a><time datetime="2023-12-07T05:57:55+09:00" title="Thursday, 07-Dec-2023 05:57:55 JST">about a year ago</time> <span>from <span><a href="https://infosec.exchange/@fugueish/111535424751017705" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@fugueish/111535424751017705">permalink</a><h4>Attachments</h4><ol><li><article><header><img height="128" width="128" src="https://gnusocial.jp/thumbnail/1930083?w=128&amp;h=128"><h5><a href="https://www.youtube.com/watch?v=mi6ZLmrXNP0)But">#HITB2021SIN KEYNOTE 1: Security Technology Arms Race 2021 - Medal Event - Mark Dowd</a></h5><div></div></header><div>The investment into both offensive and defensive technologies has grown dramatically in line with the Internet’s rise as the pivotal system for communication...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
fugueish (fugueish@infosec.exchange)'s status on Thursday, 07-Dec-2023 05:57:55 JST fugueish
in reply to
In part, this is because they are planning for the post-memory-unsafety future. (See e.g. https://www.youtube.com/watch?v=mi6ZLmrXNP0)
But vendors are still addicted to their ability to dump these externalities onto customers. It's 'expensive' to move away from C/C++ in exposed attack surface — but only because the existing costs are externalized.
In conversationabout a year ago from infosec.exchangepermalink
Attachments
1. #HITB2021SIN KEYNOTE 1: Security Technology Arms Race 2021 - Medal Event - Mark Dowd
  The investment into both offensive and defensive technologies has grown dramatically in line with the Internet’s rise as the pivotal system for communication...

Public

Embed Notice

HTML Code

Corresponding Notice