2024 Session
Fiesta 9/10
10:45 am - 11:30 am, Wednesday, September 25
Strategies and Techniques to Reduce or Eliminate Memory Safety Risks in Large C/C++ Codebases

The world’s economy relies heavily on C/C++ applications, yet a staggering 70% of CVEs affecting these applications are due to memory safety flaws. Rewriting all code in memory-safe languages is infeasible, necessitating smarter approaches. In this talk, you'll learn about a simplified threat model to guide efforts, how adversaries search for memory safety flaws, and multiple strategies to incrementally reduce risk. You'll also hear war stories about successfully driving change, providing you with practical insights to enhance your own security efforts.

Learning Objectives:

  • Understanding of a simple threat model, leading to the realization that most C/C++ applications can be split into three parts for memory safety concerns: Data parsing (which is most risky), data processing after parsing (less risky) and other functionality (especially UI code)
  • Fuzzing is a powerful tool for risk mitigation, but also available to adversaries - even in the absence of source code
  • Fundamental techniques and their tradeoffs to reduce or eliminate memory safety risks: rewriting in a memory safe language, cross-compilation, sandboxing, fuzzing, static analysis
Get in touch
Get in touch
Customer Service
For any and all inquiries please click the button below
Speaking Opportunities

Tim Garon
Director, Event Content and Strategy

InfoSec World
Stay Informed
Join our mailing list for the latest news on InfoSec World 2024.