Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
MSRC-Security-Research Alternatives
Similar projects and alternatives to MSRC-Security-Research
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Windows Terminal
The new Windows Terminal and the original Windows console host, all in the same place!
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
-
wg-allocators
Home of the Allocators working group: Paving a path for a standard set of allocator traits to be used in collections!
-
core-foundation-rs
Rust bindings to Core Foundation and other low level libraries on Mac OS X and iOS
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
MSRC-Security-Research reviews and mentions
-
A reactionary take on memory safety
You’ll find more primary sources across different organizations that all arrive at the 60 - 70% number. But what really grinds my gears here is that you take a piece from the article you’re criticizing and pretend that it’s a quote from Matt Miller.
It’s actually quite easy to find a primary source here because the slides from the talk that the article is based on are available: https://github.com/microsoft/MSRC-Security-Research/blob/mas...
To quote from those slides: „~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues“.
-
Zig and Rust
> It's still bizarre though that Rust is capturing such ridiculous mindshare.
I don't think it's that bizarre. The two big headline features that bring Rust such popularity are: #1 "70% of bugs are memory-safety bugs" [1] and Rust can help solve those, and #2 C/C++ have a couple of package manager solutions - none of which have critical mass and Rust "comes with" cargo.
Those two make me really eager to continue experimenting with Rust.
> It seems to be a temporary low-level programming zeitgeist driven by YouTube and Reddit recommendation algorithms to an audience that has never done it and probably never will.
This is some weird gatekeep-y kinda thing. Most of us didn't start out with low-level programming. Wouldn't it have been odd and frustrating for someone to tell your younger self that you have "never written C and probably never will"?
[1] https://github.com/microsoft/MSRC-Security-Research
-
Will Carbon Replace C++?
https://github.com/microsoft/MSRC-Security-Research/blob/mas...
- How CastGuard Works [BHUSA 2022]
-
Arm releases experimental CHERI-enabled Morello board
Windows is likely a big task for the same reasons as SMAP (https://github.com/microsoft/MSRC-Security-Research/blob/mas...). XNU should be comparable to FreeBSD, which CheriBSD is a fork of, as both use Mach's VM for memory management and have a bunch of shared code in various places, but userspace is more of an unknown quite how much effort it'd be (you'll need to port Objective-C and, now, Swift, for example). For Chromium we have ported WebKit, so I'd imagine Blink isn't too dissimilar. V8 is likely interesting, though we have a version of WebKit's JSC JIT for Morello, which gives confidence in V8 being doable.
- Security Analysis of CHERI ISA
- Security Analysis of Cheri ISA [pdf]
-
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
A related post from Google Security Blog[0]:
> "A recent study[1] found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on security issues in the ubiquitous `curl` command line tool showed that 53 out of 95 bugs would have been completely prevented by using a memory-safe language. [...]"
[0]: https://security.googleblog.com/2021/02/mitigating-memory-sa...
[1]: https://github.com/Microsoft/MSRC-Security-Research/blob/mas...
-
Rust for Windows
Here is some of the internal advocacy going on at Microsoft.
- Managed languages if you can afford a GC
- Rust
- C++ with Core Guidelines
https://github.com/microsoft/MSRC-Security-Research/tree/mas...
Note that there are still some teams like Azure Sphere and Azure RTOS, which are only providing C based SDKs, so no everyone is on the same wave length.
-
A note from our sponsor - InfluxDB
www.influxdata.com | 25 Apr 2024
Stats
microsoft/MSRC-Security-Research is an open source project licensed under Creative Commons Attribution 4.0 which is not an OSI approved license.
The primary programming language of MSRC-Security-Research is Python.
Popular Comparisons
- MSRC-Security-Research VS rust-zmq
- MSRC-Security-Research VS wuffs
- MSRC-Security-Research VS PowerShell
- MSRC-Security-Research VS windows-rs
- MSRC-Security-Research VS Cargo
- MSRC-Security-Research VS winapi-rs
- MSRC-Security-Research VS core-foundation-rs
- MSRC-Security-Research VS win32ada
- MSRC-Security-Research VS samples-rs
- MSRC-Security-Research VS security-research
Sponsored