We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Go security pitfalls; 2 lessons from the battlefield at Grafana Labs - Jeremy Matos
Learn two crucial security lessons from the battlefield at Grafana Labs as Jeremy Matos shares insights on Go security pitfalls, fuzzing, memory management, concurrency, and the importance of transparency and patching.
Statically Typed Languages and Security
- Statically typed languages like Go are more secure due to their nature.
- It’s super hard to have remote code execution in a statically typed language.
Fuzzing and Security
- Fuzzing is used to test software for vulnerabilities by feeding it malicious inputs.
- It’s especially useful for testing complex or hard-to-understand code.
- Fuzzing can help identify unexpected program behavior and vulnerabilities.
Go’s Memory Management
- Go tries to be smart about memory management for arrays.
- The Go compiler reserves memory for an array, but this can lead to unexpected behavior if not carefully managed.
Slices and Sharing
- Go’s slices are references, not copies.
- This means that modifying a slice can affect the original array.
- Care must be taken when working with slices to avoid unexpected behavior.
Concurrency and Security
- Concurrency in Go can be challenging and is a common source of vulnerabilities.
- It’s essential to carefully consider concurrency when writing secure code.
Patching and Zero-Days
- Zero-day vulnerabilities are especially dangerous, as they can be exploited immediately.
- Patching is crucial to prevent exploitation of zero-day vulnerabilities.
Communication and Transparency
- Open communication and transparency are essential for building trust in software development and security.
- Fuzzing and security testing should be performed openly, and results should be shared.