Jeff Moss on Nostr: [2/2] It is essentially two documents, a discussion of memory safety technologies and ...
[2/2] It is essentially two documents, a discussion of memory safety technologies and then specific CISA recommendations. Also included is a new chart providing the granular root-cause-analysis (RCA) for memory safety issues reported to Microsoft and a great appendix for those wanting more.
I would like to thank everyone who put work in on this. Of the many people who briefed us please reveal yourselves if you wish to be identified.
The TAC: Jeff Moss npub1drnhdwspurvkaptrjmhs4u5crz8r34stfr9ewnhqwwapwj5fc0psqex2mm (npub1drn…x2mm) Subcommittee Chair, DEF CON Communications. Dino Dai Zovi, CashApp. Luiz Eduardo npub1ajp2gy7y66s5gq4cwx64e335x56s7speuh6e5g2frfp79wrsu5nqhjrdv7 (npub1ajp…rdv7), Aruba Threat Labs. Royal Hansen, Google. Isiah Jones, Applied Integrated Technologies. Kurt Opsahl npub1d9ye5pkt363tczaztel69eugkyfree5qrnwl2655sdztmdzc63qsanhkqk (npub1d9y…hkqk), Electronic Frontier Foundation. Stephen Schmidt, Amazon. Yan Shoshitaishvili, Arizona State University. Kevin Tierney, General Motors. Rachel Tobac npub1sklk6jq4exm29sf0dvejncctuxf3p48yk3vwj9v6ll8esvuc9nzsrkg2qx (npub1skl…g2qx), SocialProof Security. David Weston npub1zq3fphsslhj6uzd68h63d27g4rumfet06le0chm28c3p0ny05r2q7x5l6c (npub1zq3…5l6c), Microsoft.
From CISA: Eric Goldstein and Bob Lord npub1qsax7h4jmgqx5x2grvh487rqlwhkpg5ukgv3qn6rcxelqkdhzlush03n30 (npub1qsa…3n30)
I would like to thank everyone who put work in on this. Of the many people who briefed us please reveal yourselves if you wish to be identified.
The TAC: Jeff Moss npub1drnhdwspurvkaptrjmhs4u5crz8r34stfr9ewnhqwwapwj5fc0psqex2mm (npub1drn…x2mm) Subcommittee Chair, DEF CON Communications. Dino Dai Zovi, CashApp. Luiz Eduardo npub1ajp2gy7y66s5gq4cwx64e335x56s7speuh6e5g2frfp79wrsu5nqhjrdv7 (npub1ajp…rdv7), Aruba Threat Labs. Royal Hansen, Google. Isiah Jones, Applied Integrated Technologies. Kurt Opsahl npub1d9ye5pkt363tczaztel69eugkyfree5qrnwl2655sdztmdzc63qsanhkqk (npub1d9y…hkqk), Electronic Frontier Foundation. Stephen Schmidt, Amazon. Yan Shoshitaishvili, Arizona State University. Kevin Tierney, General Motors. Rachel Tobac npub1sklk6jq4exm29sf0dvejncctuxf3p48yk3vwj9v6ll8esvuc9nzsrkg2qx (npub1skl…g2qx), SocialProof Security. David Weston npub1zq3fphsslhj6uzd68h63d27g4rumfet06le0chm28c3p0ny05r2q7x5l6c (npub1zq3…5l6c), Microsoft.
From CISA: Eric Goldstein and Bob Lord npub1qsax7h4jmgqx5x2grvh487rqlwhkpg5ukgv3qn6rcxelqkdhzlush03n30 (npub1qsa…3n30)