Overview
This course explores the prevalence of vulnerabilities induced by memory unsafety in major projects written in C and C++. It presents empirical data showcasing the ineffectiveness of these languages for modern secure development and discusses strategies to persuade developers to reconsider their use. Topics include memory unsafety properties, case studies, and developer responses framed by the Five Stages of Grief. The intended audience includes developers, software engineers, and anyone interested in cybersecurity and programming languages.
Syllabus
Intro
Account takeover prevention rates, by challenge type
Properties of memory unsafety
Languages
Case studies
Denial: Data
Anger symptoms
Anger: Complex systems
Bargaining symptoms
Bargaining: Response
Depression: Work smarter, not harder
A call to action
Proof that incremental migrations are
Taught by
USENIX Enigma Conference