Sears, Carnegie Mellon, AAI discussed on Go Time

Go Time


But he advocates eventually we won't me jobs anymore somebody's going to right right the aai system that rights code or us and they're going to be very rich so you're fussing is actually good from not just a um stability standpoint but also from a security standpoint is generally if you can make a program crash beacon can't you can take control of it i mean even at the least you can cause of denial of service on on it let's less of an issue with go obviously because of the memory safety uh but definitely if you're reading servers in in like sears habilis plus van fbi crash generally means also exploitable uh one of the things you can do with go fis is turn it not into so much again looking for crashes but to compare to implementation so i have a slow implementation and a fast implementation and i will use no coverage guided advising to make sure that i explore all the corners of the slow implementation and the fast implementation and then i will compare the output and if if the open in the same then i will crash and so van gogh fis finds crashes which means i have found a case where the fast implementation this loan limitation like generate different applets that's cool lots of lots of use for phasing outside of just pure you know sort of like it would give traditional vulnerabilities there were guy found it it was called f t f y research should vance's an automatic bug repair and on to deepwater carnegie mellon and i will link to that.

Coming up next