We R in a Right Pickle With All These Insecure Serialization Formats

Explore a 40-minute Black Hat conference talk that examines the security vulnerabilities in bytecode-driven serialization formats, with a particular focus on Python's pickle and R's RDS format. Principal Security Researcher Kasimir Schulz and Vice President of Research Tom Bonner from HiddenLayer provide an unprecedented deep dive into these widely used but potentially insecure serialization methods. While pickle's security issues are well-documented in the Python community, this presentation broadens the discussion to examine the fundamental problems with bytecode-driven serialization across languages, offering fresh insights particularly into R's main serialization format which has received less security scrutiny. Access the full presentation materials through the provided Black Hat link to understand the risks these common serialization formats pose to your applications.