Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Nice slides, but I would have liked to see how they are making sure there are no memory corruption issues.


I guess you need to look at the general OpenBSD coding guidelines (if they're documented anywhere).

Also, they ripped out a bunch of what they called "exploit mitigation countermeasures" in OpenSSL's memory allocation code.


Well it is still C anyway.

For example, I find worthless the Annex K of C11 as solution for memory corruption, because the functions still require to keep track of a separate pointer and size, while making sure they match. And the Annex is anyway optional.

However OpenBSD coding guidelines do look quite good:

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/...

I like that they request developers to make use of static analysis.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: