@ayper.bsky.social
Memory Safety @ Google. Previously co-founder of Mayhem Security (formerly known as ForAllSecure). Opinions here are my own.
We're joining forces with industry & academia to call for memory safety standardization: security.googleblog.com/2025/02/secu.... It's a recognition that memory unsafety is no longer a niche technical problem but a societal one, impacting everything from national security to personal privacy.
25.02.2025 20:17 β π 7 π 0 π¬ 0 π 0
π‘οΈπΈ We've revamped our Patch Rewards Program, extending its scope and increasing rewards for security patches β with a particular focus on memory safety, including bonus multipliers!
bughunters.google.com/blog/5273064...
Happy to publish the effort of my last five years: Security Signals.
research.google/pubs/securit...
Had a bunch of thoughts about the recent safety stuff, way more than fit in social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)
chandlerc.blog/posts/2024/1...
#LLVM #Clang #MemorySafety
The best part? Itβs incredibly cost-effective, with an average performance overhead of just 0.3%. So thereβs really no reason not to do it if youβre running C++ code :)
15.11.2024 19:02 β π 1 π 0 π¬ 0 π 0This improves spatial safety across Googleβs services, including performance-critical components of Search, Gmail, Drive, YouTube, and Maps. Weβve already seen it disrupt a red team exercise, reduce segfaults by 30%, and improve code correctness.
15.11.2024 19:02 β π 1 π 0 π¬ 1 π 0
Excited to share our latest blog post on memory safety! Weβre tackling spatial safety in our massing C++ codebase by hardening live++ by default. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024/11/retr...
15.11.2024 19:02 β π 29 π 8 π¬ 1 π 1
