Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mgaunard 2 days ago

I don't think 70% of bugs are memory safety issues.

In my experience it's closer to 5%.

cogman10 2 days ago | parent | next [-]

I believe this is where that fact comes from [1]

Basically, 70% of high severity bugs are memory safety.

[1] https://www.chromium.org/Home/chromium-security/memory-safet...

saagarjha 2 days ago | parent | next [-]

High severity security issues.

mgaunard 2 days ago | parent | prev [-]

Right, which is a measure which is heavily biased towards memory safety bugs.

stonemetal12 a day ago | parent | prev | next [-]

Using the data provided, memory safety issues (use-after-free, memory-leak, buffer-overflow, null-deref) account for 67% of their bugs. If we include refcount It is just over 80%.

IshKebab 2 days ago | parent | prev | next [-]

70% of security vulnerabilities are due to memory safety. Not all bugs.

tester756 2 days ago | parent | prev | next [-]

That's the figure that Microsoft and Google found in their code bases.

redeeman 2 days ago | parent | prev | next [-]

probably quite a bit less than 5%, however, they tend to be quite serious when they happen

mgaunard 2 days ago | parent [-]

Only serious if you care about protecting from malicious actors running code on the same host.

redeeman a day ago | parent [-]

you dont? I would imagine people that runs for example a browser would have quite an interest in that

mgaunard 13 hours ago | parent [-]

Browsers are sandboxed, and working on the web browsers themselves is a very small niche, as is working on kernels.

Software increasingly runs either on dedicated infrastructure or virtual ones; in those cases there isn't really a case where you need to worry about software running on the same host trying to access the data.

Sure, it's useful to have some restrictions in place to track what needs access to what resource, but in practice they can always be circumvented for debugging or convenience of development.

yencabulator 5 hours ago | parent [-]

Browsers are sandboxed by the kernel, and we're talking about bugs in the kernel here...

nibman 2 days ago | parent | prev [-]

[dead]