C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

science from Politehnica University of Bucharest ◮ I have a master’s degree in computer and network security from Politehnica University of Bucharest ◮ I have 12 years of professional experience in Linux and operating systems ◮ I work at Bitdefender, global leader in cybersecurity, where I develop security software solutions which run on routers 2 / 50Disclaimer ◮ This presentation is based on a personal of this project is just a proof of concept ◮ Any mistakes are mine 3 / 50Agenda ◮ Motivation ◮ Image classification ◮ Hand gesture recognition ◮ Summary ◮ Q&A 4 / 50Motivation 5 / 50Machine Learning

the client application. 3 Conan Documentation, Release 2.10.1 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import

the client application. 3 Conan Documentation, Release 2.9.3 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import

the client application. 3 Conan Documentation, Release 2.3.2 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import

the client application. 3 Conan Documentation, Release 2.5.0 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import

the client application. 3 Conan Documentation, Release 2.4.1 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import

the client application. 3 Conan Documentation, Release 1.31.4 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the Description: A toolkit for the Transport Layer Security (TLS) and Secure Sockets␣ ˓→Layer (SSL) protocols Topics: conan, openssl, ssl, tls, encryption, security Recipe: Cache Binary: Cache Binary remote: and unzip the designated zip file, though other installers, including also installing from a Docker image. When the file is unzipped, launch Artifactory by double clicking the .bat or .sh script in the bin

the client application. 3 Conan Documentation, Release 2.8.1 The different applications in the image above are: • The Conan client: this is a console/terminal command-line application, containing the signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import