C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

or policies of any company in the Johnson & Johnson Family of Companies.Big Picture Why Safety/Security in C++ Medical Device Failure Analysis Brief Intro to Medical Device Standards, Documents, and Coding Practices in Safety Critical Path Final Words and Q&A 1 2 3 4 5 6Safety/Security and C++ 5Security/Safety Concerns with C++ 6MITRE Common Weaknesses Enumeration 7Recent Notable Talks on Failures Analysis 92006-2011 FDA MAUDE database Medical Device Failure Analysis 10 This study does NOT contain security related recalls!Recall Index Database Medical Device Failure Analysis 11 © 2018

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag

signing and verifying of packages. As the awareness about the importance of software supply chain security grows, it is becoming more important the capability of being able to sign and verify software packages Copied 1 file: secure_scanner secure_scanner/1.0 package(): Packaged 1 file: secure_scanner ... Security Scanner: The path 'mypath' is secure! Let’s review the test_package/conanfile.py: from conan import /Users/luism/workspace/examples2/ ˓→tutorial/creating_packages/other_packages/tool_requires/consumer ... Security Scanner: The path '/Users/luism/workspace/examples2/tutorial/creating_packages/ ˓→other_packag