Global Appsec News Today : Breaking News, Live Updates & Top Stories | Vimarsana


Happy Holidays, and let's hope for a better 2021


Andrew van der Stock
Wednesday, December 23, 2020
2020 has been a very challenging year for all, including OWASP. I know a lot of folks are hurting, lost loved ones, or been very sick themselves. Work from home for many has been a challenge, especially if you’re like me and have school-age kids at home who are struggling with online classes. I think everyone is suffering from Zoom fatigue. I want to highlight some of our struggles and successes in 2020 but look forward to a much better 2021.
Note: Our office is closed from Thursday, December 24th, and we reopen on January 4th, 2021. ....

United States, Mike Mccamon, Kelly Santalucia, Training Committee, Outreach Committee, Policy Review Team, Dawn Aitken, Alonna Stock, Global Appsec, Daniel Ting, Happy New Year

r2c blog — When DevSecOps goes wrong: a short lesson from Huawei's source code


memcpy-like and 22% of strcpy-like function calls in the codebase were to the least safe variants. And assuming safety just from the function name is simplistic: even the safe variants could still be dangerous.
In Huawei’s defense, while they have been subjected to an unusual level of public scrutiny, they are definitely not an outlier in having trouble getting developers to adopt secure coding guidelines. In the memcpy case, it’s been banned at Microsoft since 2009, but I haven’t personally seen any other companies outside the FAANG (Facebook/Apple/Amazon/Netflix/Google) that have done the same. You can actually tell who has banned the bad POSIX functions empirically, by looking at binaries; a non-profit named CITL did a great overview of this and more in the IoT space. As you’d probably guess, the results are dismal. ....

United Kingdom, Clint Gibler, Netflix Google, Huawei Cyber Security Evaluation Centre Oversight Board, Global Appsec