| ▲ | chii 2 hours ago | |
but then if you could assert the call graph (easily, or even provably correctly), then why not just cull the unused code that led to vulnerability in the first place? | ||
| ▲ | mseepgood 15 minutes ago | parent [-] | |
With a statically compiled language it is usually culled through dead-code elimination (DCE), and with static linking you don’t ship entire libraries. | ||