Our models identified a 23-year-old use-after-free in OpenBSD's kernel implementation of System V semaphores.
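Most people assume that old code in long-lived open-source projects has already been thoroughly reviewed and is unlikely to contain serious vulnerabilities, but the author argues that AI can find critical vulnerabilities that human security experts failed to identify in 23 years. This challenges the assumption that manual code review is comprehensive.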
freedom to study the program's “source code,” and change it, so the program does your computing as you wish
Code Audit Services
Perhaps not a good idea, in general, to use a random PPA for such sprawling software as a browser. Auditability near zero even if it is open source.
This is a store we can’t audit, which contains software nobody can patch. If we can’t fix or modify software, open-source or not, it provides the same limitations as proprietary software.