Code vulnerablities

Came across this article this morning, vague at best when implying these codes could be used to build apps or full blown distros.

The research team, involving experts at Canadian and Iranian universities, focused on the C++ programming language, which is used in a huge variety of projects, from small programs to large distributed systems.

A cautionary tale or the ongoing saga of insecure apps for various electronic goods sold to relay data back to the manufacturers on their usage, where and when, i.e washing machines, tv's, webcam etc.

There are numerous "forked" apps/distos within the Linux ecosystem, to make you wonder.

4 Likes

I think it's a pretty standard thing of "if you don't understand code then the code can't be trusted".

Re-using maintained and tested code modules (e.g. crypto libraries) is one thing (though from a security standpoint you still don't understand the underlying code), but you definitely shouldn't be blindly copying-and-pasting snippets from Stack Overflow.

4 Likes

Or adding random repos of forked projects from strangers you dont trust:

(also can we fit in a C vs C++ joke here ? ..)

1 Like

Forum kindly sponsored by