Microsoft: We're creating a new Rust-based programming language for secure coding

-

Microsoft's Project Verona involves creating a new language for "safe infrastructure programming" to be open-sourced soon.

By Liam Tung | December 2, 2019 -- 14:25 GMT (19:55 IST) | Topic: Enterprise Software


Programming languages: Python is now more popular than Java

Microsoft can't just throw away older Windows code, but the company's Project Verona aims to make older low-level components in Windows 10 more secure by integrating Mozilla-developed Rust. 

DEVELOPER


Good news for developers: The CLI is back


Windows 10 1909: What do developers need to know? Not much, says Microsoft


Qualtrics extends developer platform, adds integration partners


Introducing STEAM to kids through sports (ZDNet YouTube)


The Best Web Hosting Providers for 2019 (CNET)


How to get a developer job (TechRepublic)


The company recently revealed that its trials with Rust over C and C++ to remove insecure code from Windows had hit its targets. But why did Microsoft do this? 
The company has partially explained its security-related motives for experimenting with Rust, but hasn't gone into much detail about the broader reasons for its move.
SEE: How to build a successful developer career (free PDF)

All Windows users know that on the second Tuesday every month, Microsoft releases patches to address security flaws in Windows. Microsoft recently revealed that the vast majority of bugs being discovered these days are memory safety flaws, which is also why Microsoft is looking at Rust to improve the situation. Rust was designed to allow developers to code without having to worry about this class of bug. 
'Memory safety' is the term for coding frameworks that help protect memory space from being abused by malware. Project Verona at Microsoft is meant to progress the company's work here to close off this attack vector. 
Microsoft's Project Verona could turn out to be just an experiment that leads nowhere, but the company has progressed far enough to have detailed some of its ideas through the UK-based non-profit Knowledge Transfer Network.  
Matthew Parkinson, a Microsoft researcher from the Cambridge Computer Lab in the UK who's dedicated to "investigating memory management for managed programming languages", gave a talk last week focusing on what the company is doing to address these memory issues. 

In the talk, Parkinson discussed the work Microsoft has done with MemGC, which is short for Memory Garbage Collector, for Internet Explorer (IE) and Edge. 
MemGC addressed vulnerabilities in the standard browser feature known as a Document Object Model (DOM), a representation of the data used by browsers to interpret web pages. Google's elite Project Zero hackers were impressed with Microsoft's MemGC after canvassing major browsers.    
"We built a garbage collector (GC) for the DOM. That big bulge in use-after-free was basically people finding ways of exploiting memory management in the DOM engine in IE," said Parkinson, referring to a graph that illustrates the prominence of memory safety bugs. 

Comments

  1. symonsMay 17, 2020 at 6:08 AM

    When experiencing Web Hosting Reviews, do not look for specifics. Some clients might upload adverse customer reviews when the issue was theirs and certainly not the firm's. Such customers will definitely certainly never confess their negligence. Therefore, you ought to instead, look at the trends depicted in the provider's company.

    ReplyDelete

Post a Comment

Popular posts from this blog

What is hacking

-
Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose. Description:  To better describe hacking, one needs to first understand hackers. One can easily assume them to be intelligent and highly skilled in computers. In fact, breaking a security system requires more intelligence and expertise than actually creating one. There are no hard and fast rules whereby we can categorize hackers into neat compartments. However, in general computer parlance, we call them white hats, black hats and grey hats. White hat professionals hack to check their own security systems to make it more hack-proof. In most cases, they are part of the same organisation. Black hat hackers hack to take control over the system for personal gains. They can destroy, steal or even prevent authorized users from accessing the system. They do this by finding loopholes a
Read more

Whatsapp new features update:

-
Some of the features are still under development while a few have been rolled out as stable updates for both Android and iOS users We bring to you some of the latest updates that were rolled out this week Topics WhatsApp constantly keeps updating its software to include new features in order to provide smooth messaging and call experience to its users. The instant messaging service took out a plethora of features recently. Some of the features are still under development while a few have been rolled out as stable updates for both Android and iOS users. We bring to you some of the latest updates that were rolled out this week: Call waiting support:  In the update version 2.19.120 WhatsApp introduced  call waiting support.  Currently, the update is only available for iPhone users. The Android update will be rolled out soon, according to reports. In this update, users will be able to receive another WhatsApp call while they are already on one call. Earlier, the receivers di
Read more

cybersecurity-firm-prosegur suffered ryuk ransomware attack

-
Some cybersecurity incidents sound like a paradox, such as this one. Reportedly, the cybersecurity firm Prosegur suffered a ransomware attack following which, the company shut down its network. Prosegur Suffered Ransomware Attack Reportedly, the Spanish cybersecurity firm Prosegur recently fell victim to a ransomware attack. The incident disrupted the company’s telecommunication platform causing its network to shut down. The incident surfaced online after users noticed that the firm’s website went offline. Users complained about service disruptions. Prosegur confirmed the security incident via an official statement on Twitter. Though the firm confirmed some security measures were taken, they eventually stopped all communications with users as a precaution. Later on, in the following statement, they disclosed the cyberattack involving Ryuk ransomware. Alongside limiting communications, the firm also started investigations into the matter. They have not revealed exactly when the attack b
Read more