This is one reason I left 1Password - there was no need (other than profit) to move to Electron, but they did anyhow, likely to save money even though they are drowning in cash. Many attacks these days chain together flaws from different vendors that by themselves aren't that big a deal, but in combination will give you the keys to the kingdom.

Design flaws are easier to spot if the API is open, and MS is famous for hiding APIs. But security researchers are starting to get better tooling to both be watching what the black hats are doing AND methodically analyze the software in use.

As we see Microsoft jump on the Rust bandwagon, we may see fewer issues in this area. I'd argue that many categories of flaw are due to compiler choice more than anything else. But many flaws exist whether the source is open or closed; it's just as easy to run fuzzing and opcode analysis over Microsoft software as it is over Linux software, and in general, the MS stuff gets more eyeballs, both black hat and white hat. Some flaws can be minimized due to the source being open. We recently had an OSS flaw discovery, found due to 0-day use, that has been present since the 1990s.

I don't quite follow that.