| ▲ | tptacek 9 hours ago | |||||||
This is just wrong. Not that you can't blow up from a data race; you certainly can. Simply that any of these properties admit to exploitable vulnerabilities, which is the point of the term as it is used today. When you expand the definition the way you are here, you impair the utility of the term. Serious systems built in memory-unsafe languages yield continual streams of exploitable vulnerabilities; that remains true even when those systems are maintained by the best-resourced security teams in the world. Functionally no Go projects have this property. The empirics are hard to get around. | ||||||||
| ▲ | cyberax 6 hours ago | parent [-] | |||||||
There were CVEs caused by concurrent map access. Definitely denials of service, and I'm pretty sure it can be used for exploitation. > Serious systems built in memory-unsafe languages yield continual streams of exploitable vulnerabilities I'm not saying that Go is as unsafe as C. But it definitely is NOT completely safe. I've seen memory corruptions from improper data sync in my own code. | ||||||||
| ||||||||