Company: Kaspersky Lab
Talk type: Talk
Secure C++: Is It Really That Bad?
Sergey will analyze the recent NSA report and explain whether the security situation in C++ is really that bad, and what the modern industry offers to solve this issue.
He will break down security issues in C++ using open source examples from Chromium, among them:
- Memory handling.
- C legacy, strings, arithmetic, type conversions.
The speaker will also show different approaches to mitigating the problems described, in particular:
- Static analysis.
- Dynamic analysis.
- Fuzz testing.
- Identification of safe language subsets: MISRA, AUTOSAR, Google standard.
- SDL methodology as a comprehensive solution.
- (Bonus) The KasperskyOS approach for detecting untrusted components that may contain vulnerabilities but are not vulnerable to exploitation and attack.