Talk type: Talk

Secure C++: Is It Really That Bad?

  • Talk in Russian
Presentation pdf

Sergey will analyze the recent NSA report and tell if the security situation in C++ is really that bad, and what the modern industry offers to solve this issue.

He will break down security issues in C++ using open source examples from Chromium, among them:

  • Memory handling.
  • UB.
  • C legacy, strings, arithmetic, type conversions.

The speaker will also show different approaches to mitigating the problems described, in particular:

  • Static analysis.
  • Dynamic analysis.
  • Fuzzing testing.
  • Hardening.
  • Identification of safe language subsets: Misra, AUTOSAR, Google standard.
  • SDL methodology as a comprehensive solution.
  • (Bonus) KasperskyOS approach for detecting untrusted components that may contain vulnerabilities, but are not vulnerable to exploitation and attack.
  • #security


Invited experts