Chris Dzombak

It’s Not Exploitable

This article showed an excellent point: taken alone, a memory leak or other “low-impact” bug may not appear to be much of a problem. But taken together, a set of these bugs can turn into an exploitable security hole.

A few classes of bugs used in that exploit:

I posted last night that this is yet another sign we should use safer, modern languages even for low-level programming. (Yes, it’s possible these days to write high-performance code in languages that protect against these classes of bugs.)

But after thinking longer, what we really need is not better tooling. We have tooling which provides good performance and adds safety. What we need is a cultural shift; programmers need to shift their priorities such that safety comes first. The arguments against — performance, wanting to write low-level code — simply aren’t justifiable any longer.

Statements like “I’ve never run into a problem that’s the language’s fault that Swift would have handled better.” are unbelievable at best and irresponsible at worst. Even if the programmer hasn't found any bugs like this yet, they surely exist, and they're waiting to be exploited or to blow up on a new version of the OS.

Stop using glorified assembly (when it’s not strictly necessary — sure, it’s always necessary at some level, but not for large parts of our operating systems and certainly not for your UI code). Start being responible.

As always, I welcome discussion and feedback; I’m @cdzombak on Twitter.