Fireside Chat: The State of Memory Safety

Note: Presentation times are in Pacific Standard Time (PST).

Wednesday, January 25, 2023 - 9:00 am–10:00 am

Moderator: Amira Dhalla, Consumer Reports
Panelists: Yael Grauer, Consumer Reports; Alex Gaynor, Federal Trade Commission; Josh Aas, Internet Security Research Group and Prossimo

Abstract: 

The most ubiquitous kind of vulnerability that plagues modern computing is the memory safety vulnerability—where the underlying programming language doesn't inherently protect data structures in memory. When "memory unsafe" code fails, it can allow attackers access to arbitrary pieces of system memory, and potentially execution of malicious code. Over the years, writing code in memory safe languages, "sandboxing" memory unsafe code, and raising awareness around memory unsafety have been important steps in more generally protecting computerized and networked systems against this class of threats. But where are we at? What is the current state of memory unsafety? Join Yael and Amira from Consumer Reports, who are currently working on a report surveying the landscape of memory safety, in a fireside conversation with Alex Gaynor and Josh Aas, two key informants on the quest to squash this pernicious class of bugs.

Amira Dhalla, Consumer Reports

Amira Dhalla has spent over a decade in technology working on issues related to digital rights, privacy, security, and equity with global organizations and communities. She works together with educators and activists to design participatory curriculum and resources to make emerging technology more inclusive, open, and safe. She currently works at Consumer Reports as the Director of Impact Partnerships and Programs with a focus on digital privacy and security. Amira works on projects that improve the cybersecurity and privacy of products and tools in the marketplace, while also tackling topics like discriminatory technologies, deceptive design, and trust and safety.

Yael Grauer, Consumer Reports

Yael Grauer works at Consumer Reports managing Security Planner, a free, easy-to-use guide to staying safer online. Her background is in investigative tech reporting, and she has covered privacy and security for over a decade for various tech publications. She has extensively researched the privacy and security (or lack thereof) of consumer VPNs, teamed up with EFF to research street-level surveillance, broken stories on Zoom misleading users about end-to-end encryption, looked into questionable claims about blockchain voting, and investigated surveillance against China’s Uyghur minority. Yael serves on the Board of Directors of the CyberMed Summit, the world’s only clinically-oriented healthcare cybersecurity conference. She also runs a do-it-yourself data broker opt-out list, and is currently writing a book on investigations for No Starch Press.

Alex Gaynor, Federal Trade Commission

Alex Gaynor is a software security engineer. He's a founder and principal at Fish in a Barrel, working on systemic solutions to classes of vulnerabilities. He's previously been Chief Information Security Officer at Alloy and an engineer at Mozilla and the United States Digital Service. Alex has a long history of contribution in open source, from building a JIT'd Ruby VM to serving on the Board of Directors of the Python Software Foundation. Alex lives in Washington, D.C.

Josh Aas, Internet Security Research Group and Prossimo

Josh Aas co-founded and currently runs Internet Security Research Group (ISRG), the nonprofit entity behind Let's Encrypt, the world's largest certificate authority helping to secure more than 290 million websites. He also spearheaded ISRG’s latest projects, one focused on bringing memory-safe code to security-sensitive software, called Prossimo, and Divvi Up, a privacy-respecting metrics service. Josh worked in Mozilla’s platform engineering group for many years, improving the Firefox web browser. He also worked for Mozilla in a senior strategy role, helping to find solutions for some of the Web's most difficult problems. He has deep expertise in software security and ecosystem dynamics, as well as organizational leadership.

BibTeX
@conference {285615,
author = {Amira Dhalla and Yael Grauer and Alex Gaynor and Josh Aas},
title = {Fireside Chat: The State of Memory Safety},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jan
}
