C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages. This extension point will soon get a plugin implementation based on Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag