Hacker News new | comments | show | ask | jobs | submit login

Yeah those issues were found in the Qualys audit. They have been fixed so the codebase should only be stronger now.

I just wish we had something that wasn't written in C.




Try running any such program through Softbound + CETS or SAFEcode (already in LLVM). They turn C programs memory-safe. Should knock out most of your risk immediately with an acceptable performance hit unless your volume is really, really high. Code-Pointer Integrity at least protects control flow with max of around 10% penalty. Given they're all alpha by few developers, they need more people using them on various software and doing error reports if they fail.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: