Alex Rebert

@ayper.bsky.social

Memory Safety @ Google. Previously co-founder of Mayhem Security (formerly known as ForAllSecure). Opinions here are my own.

161 Followers  |  205 Following  |  4 Posts  |  Joined: 11.11.2024  |  1.5847

Latest posts by ayper.bsky.social on Bluesky


Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android. Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...

With Rust development surpassing C++ in the Android platform in 2025, we can start making reliable comparisons.

Rollback rates, code review latency, vulnerability density, and a CVE with a twist.

security.googleblog.com/2025/11/rust...

18.11.2025 10:17 — 👍 4    🔁 1    💬 0    📌 1

29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself
This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…

Secure by Design software: It’s time to stop patching and start preventing. One year left before "Smashing the Stack" turns 30—let’s make it count! 🔐💪🛡️🗓️

medium.com/@boblord/29-...

06.11.2025 19:36 — 👍 8    🔁 3    💬 0    📌 1

Memory Safety for Skeptics - ACM Queue

"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!

queue.acm.org/detail.cfm?i...

#rustlang

10.11.2025 18:11 — 👍 49    🔁 14    💬 1    📌 1

Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon. For decades,...

We're joining forces with industry & academia to call for memory safety standardization: security.googleblog.com/2025/02/secu.... It's a recognition that memory unsafety is no longer a niche technical problem but a societal one, impacting everything from national security to personal privacy.

25.02.2025 20:17 — 👍 7    🔁 0    💬 0    📌 0

Blog: Level Up Your Open Source Karma (And Your Wallet) by Improving Security
This blog post takes you through everything you need to know about the Patch Rewards Program, including our newly introduced focus on memory safety (including reward multipliers!), recently increased ...

πŸ›‘οΈπŸ’Έ We've revamped our Patch Rewards Program, extending its scope and increasing rewards for security patches – with a particular focus on memory safety, including bonus multipliers!

bughunters.google.com/blog/5273064...

21.01.2025 17:11 — 👍 5    🔁 2    💬 1    📌 0

Security Signals: Making Web Security Posture Measurable At Scale

Happy to publish the effort of my last five years: Security Signals.

research.google/pubs/securit...

17.11.2024 13:02 — 👍 27    🔁 7    💬 0    📌 1

Story-time: C++, bounds checking, performance, and compilers
Recently, several of my colleagues at Google shared the story of how we are retrofitting spatial safety onto our monolithic C++ codebase: https://security.googleblog.com/2024/11/retrofitting-spatial-s...

Had a bunch of thoughts about the recent safety stuff, way more than fit in social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)

chandlerc.blog/posts/2024/1...

#LLVM #Clang #MemorySafety

17.11.2024 01:05 — 👍 95    🔁 19    💬 1    📌 2

The best part? It’s incredibly cost-effective, with an average performance overhead of just 0.3%. So there’s really no reason not to do it if you’re running C++ code :)

15.11.2024 19:02 — 👍 1    🔁 0    💬 0    📌 0

This improves spatial safety across Google’s services, including performance-critical components of Search, Gmail, Drive, YouTube, and Maps. We’ve already seen it disrupt a red team exercise, reduce segfaults by 30%, and improve code correctness.

15.11.2024 19:02 — 👍 1    🔁 0    💬 1    📌 0

Retrofitting Spatial Safety to hundreds of millions of lines of C++
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer. Attackers regularly exploit spatial mem...

Excited to share our latest blog post on memory safety! We’re tackling spatial safety in our massive C++ codebase by hardening libc++ by default. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024/11/retr...

15.11.2024 19:02 — 👍 28    🔁 8    💬 1    📌 1

@ayper is following 19 prominent accounts