Blog

Tag Archives: cybersecurity

The case for formal verification of existing software
Pascal Cuoq on 2 September 2013

Perry E. Metzger takes a look at formal verification [removed dead link]. This is good stuff; there is a lot to agree with here. However agreeing with Perry's post alone would not make a very interesting counterpoint. If agreeing was the only thing I intended to do I might even...

Read More

Microsoft's bug bounty program
Pascal Cuoq on 19 June 2013

I like Robert Graham's analysis on Microsoft's new bug bounty program. I would never have thought of selling vulnerabilities to the NSA (but then I am not American and not a security researcher). Does the NSA not employ qualified people to look for vulnerabilities as their day job? Is that...

Read More

Attack by Compiler
Pascal Cuoq on 20 May 2013

The title of this post, “Attack by Compiler”, has been at the back of my mind for several weeks. It started with a comment by jduck on a post earlier this year. The post's topic, the practical undefinedness of reading from uninitialized memory, and jduck's comment, awakened memories from a...

Read More

Google forking WebKit
Pascal Cuoq on 4 April 2013

Blink as seen from the inside As you have undoubtedly heard if you follow at all this sort of thing, as of April 3, Google is forking WebKit. Its Chrome browser will henceforth rely on its own variation of the popular rendering engine, Blink. This is big news. If I...

Read More

From Facebook to Silent Circle, through the “metrics” Frama-C plug-in
Pascal Cuoq on 16 February 2013

From Facebook to Silent Circle Some computers at Facebook were recently compromised because of a zero-day in Java. Nothing unexpected. Last december instead of writing a full blog post I lazily linked to Robert Graham predicting this sort of thing for the year 2013. Speaking of Facebook do you know...

Read More