Encouraging Adoption of Memory-Safe Languages in Open Source Security Workshop

difficulties and opportunities of encouraging n.w
1 / 9
Embed
Share

Explore the challenges and opportunities of promoting memory-safe languages in open-source projects at the OMB/NSF/NIST Workshop. Discuss incentives for developers, critical dependencies, migration strategies, security enhancements, and more.

  • Memory-safe languages
  • Open source
  • Security workshop
  • Software development
  • Incentives
rayaanacharya
chenellet Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. DIFFICULTIES AND OPPORTUNITIES OF ENCOURAGING ADOPTION OF MEMORY-SAFE LANGUAGES IN OSS AUG 24-25, 2022: OMB/NSF/NIST WORKSHOP ON OPEN SOURCE SECURITY INITIATIVE

  2. AGENDA 01 03 Brainstorm the various problems we have to solve (20 min) 05 Discuss lessons learned from real world successes and failures (20 min) Meet the Panel (5 min) 02 04 Discuss incentives we can offer to open source developers (20 min) 06 Discuss the scope of the overall problem (10 min) Summarize and wrap-up (15 min)

  3. PANEL MEMBERS PANEL MEMBERS

  4. WELCOME! Abhishek Arya Principal Engineer and Head, Google Open Source Security Team Alex Gaynor Deputy Chief Technologist for Security, Federal Trade Commission David Brumley CEO and Co- Founder, ForAllSecure and Full Professor, Carnegie Mellon University Josh Aas Executive Director and Co-founder, Internet Security Research Group (ISRG) Mathias Payer Associate Professor, cole Polytechnique F d rale de Lausanne (EPFL)

  5. SCOPE OF OVERALL PROBLEM What kind of projects will benefit from this transition ? Which memory safe languages are a critical solution to this problem ? What are the critical dependencies for this work ? E.g. Rust depends on LLVM Are type-unsafe languages like Python, Javascript in scope ?

  6. WHICH PROBLEMS TO SOLVE How to plan migrations to maximize ROI? Riskiest parts, Complexity of new interfaces, Customer disruptions? How to make development easier with multi-language codebases? How can we improve platform support for memory safe languages? OS, Embedded Systems How to avoid security mistakes with mixing unsafe code ? How about adding safety extensions (e.g. CFI, MTE) and annotations(SAL)? What security properties do we want for type unsafe languages ?

  7. INCENTIVES FOR OSS DEVELOPERS How do we get new code written in memory safe languages? How can we get legacy code migrated in parts ? Funding, other incentives? What are the costs of writing new memory-unsafe code? Thoughts? Every N-Thousand lines of code, M CVEs -> $K in Fixes -> $M end-user damage M prod crashes -> $K SRE and SWE fix time

  8. LESSONS LEARNED SO FAR Share your real-world experiences Successes Failures

  9. SUMMARIZE Anything else we missed ?

Related


Memory Allocation in Operating Systems

Memory Allocation in Operating Systems

mae
Memory Organization in Computers

Memory Organization in Computers

capri
Memory Organization in Computers

Memory Organization in Computers

manisa
Cache and Virtual Memory in Computer Systems

Cache and Virtual Memory in Computer Systems

katy
Adoption under Hindu Law

Adoption under Hindu Law

fred
Programming Languages: Levels and Basics

Programming Languages: Levels and Basics

nahla
Memory Management and Swapping Techniques

Memory Management and Swapping Techniques

alijah
International Collaboration in Open Source Software: A Network Analysis Study

International Collaboration in Open Source Software: A Network Analysis Study

love
Insights from a Season at NSF: Program Director's Perspective

Insights from a Season at NSF: Program Director's Perspective

makenz
Adoption and International Adoption in the Czech Republic

Adoption and International Adoption in the Czech Republic

beer228
NSF Rejections in Banner System

NSF Rejections in Banner System

aalee
Enhancing Usability and Accessibility in Next-Generation Elections: NIST Workshop Insights

Enhancing Usability and Accessibility in Next-Generation Elections: NIST Workshop Insights

armi_798
Shared Memory, Distributed Memory, and Hybrid Distributed-Shared Memory

Shared Memory, Distributed Memory, and Hybrid Distributed-Shared Memory

benjami
Virtual Memory Concepts and Benefits

Virtual Memory Concepts and Benefits

kyde410
Virtual Memory and its Implementation

Virtual Memory and its Implementation

tian836
Adoption and the Law: Insights and Perspectives

Adoption and the Law: Insights and Perspectives

viv_bea
Building a Viable Business around Open Source Software (OSS)

Building a Viable Business around Open Source Software (OSS)

annae
Preserving Australian Indigenous Languages in Education

Preserving Australian Indigenous Languages in Education

tild_787
National Science Foundation - Where Discoveries Begin

National Science Foundation - Where Discoveries Begin

njol
Enhancing Memory Bandwidth with Transparent Memory Compression

Enhancing Memory Bandwidth with Transparent Memory Compression

emanuele_n
BOC Compliance Initiative in Federal Spending

BOC Compliance Initiative in Federal Spending

pedraza_a
Microprocessor Output Devices and Memory Interfacing

Microprocessor Output Devices and Memory Interfacing

dem_gru

More Related Content