Why are memory-corruption bugs still a thing?
The challenges of securing software at an assembly level
Doug Britton
CTO, RunSafe Security Inc.
10:30-11:30 Monday, 8 April 2019, ITE346
Methods to chip away at the danger of memory-corruption bugs have been available for some time. Why has the going-price of memory-corruption-based exploits not spiked? If the methods were have a broad-based result in mitigating exploit vectors, there would be a reduction in supply, causing an increase in prices. Also, there would be a reduction in the pool of people qualified to develop zero-days, allowing them to push the prices up. The data suggest that prices have remained generally stable and attackers are able to move with impunity. What are the challenges to large-scale adoption of memory-corruption based mitigation methods.
Doug Britton serves as Chief Technology Officer and Director of RunSafe Security, Inc. Mr. Britton Co-founded Kaprica Security, Inc., in 2011 and serves as its Chief Executive Officer. Prior to his leadership role in Kaprica, Mr. Britton was a cyber-security focused research and development manager at Lockheed Martin. He has an MBA and MS from University of Maryland and a BS in Computer Science from the University of Illinois.