One of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.

CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.

Watch the interview to learn more about:

How CHERI addresses memory safety issues
Common hardware supply chain vulnerabilities
Progress on adoption by chipmakers
Scalability challenges associated with CHERI

Watch the full interview: https://www.bankinfosecurity.com/uks-cheri-alliance-expands-to-global-hardware-supply-chain-a-28942

The CHERI Alliance is all about bringing the computing world together to adopt CHERI security technology.

We’re a mix of industry partners, open-source contributors, researchers, and governments, all working to make CHERI more accessible and widely used.

Check out who’s already on board: https://cheri-alliance.org/member/

We’ve got active working groups tackling everything from software porting to system integration and standards - all helping the community adopt and build with CHERI more effectively. Take a look: https://cheri-alliance.org/who-we-are/working-groups/

Curious? Keen to get involved? Here’s how to join us: https://cheri-alliance.org/memberships/

The @cheri_alliance has around a thousand followers on LinkedIn and just joined the Fediverse today. Let’s see how quickly we can get them to more than that here!

Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!

We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.

CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.

We’re here to:
- Share news about the CHERI community in general
- Talk about what our members are building with CHERI
- Connect with folks who care about deep, meaningful security improvements
Check us out cherialliance.org

Give us a follow if this sounds like your kind of thing!

I have lost count of the number of people at Embedded World who have asked me ’what is memory safety?'

If anyone is wondering how embedded security is going...

My #computing is far too important for me to be pacified by mere #MemorySafety. I demand actual #correctness.

Had a bunch of thoughts about the recent safety stuff, way more than fit in social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)

https://chandlerc.blog/posts/2024/11/story-time-bounds-checking/

#rust #memorysafety

https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/

[1/2] Almost six months ago the Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, directed the Technical Advisory Council (TAC) of the Cybersecurity Advisory Council (CSAC) to answer six questions around Memory Safety to help the department understand the challenges and opportunities of Memory Safe Systems Languages such as Rust, Go, and Swift.

DL/DR: Memory Safe Systems Languages are becoming mature, hyper-scale companies are doing incremental rewrites, there are additional protections that should be used in non-memory safe languages such as c++, and you should start to develop your roadmap. Please read the report.

Since the TAC started working, Memory Safety has become a hot topic, with the NSA joining CISA to release "The Case for Memory Safe Roadmaps"

Last week the TAC submitted our final report at the quarterly public meeting and I'm pleased to link it here:
https://www.cisa.gov/sites/default/files/2023-12/CSAC_TAC_Recommendations-Memory-Safety_Final_20231205_508.pdf

I checked her out, it was a Friday night
I used dark mode to get the feelin’ right
We started coding C, and shared some memory
But then I tried concurrent reads

And that’s about the time she threw a fault at me
Nobody likes you when your memory’s free
and are still pointing to that address space
What the hell is SIGSEGV?
My friends say I should memory safe
What’s my page again?
What’s my page again?

Came across a gemini link, looked for a Linux client out of curiosity.

Three graphical clients are listed for Linux: one written in Rust, one in C++ and one in C.

Which one does my Linux distribution offer? Only the one written in C of course.

new post: the SUX Rule for safer code https://kellyshortridge.com/blog/posts/the-sux-rule-for-safer-code/

it’s short for Sandbox-free - Unsafe - eXogenous. If your code does all three of:
- running without a sandbox
- written in an unsafe language
- processing exogenous inputs

it’s certain your code SUX.

it’s basically me tweaking Chromium’s excellent Rule of Two because it conflicts with Star Wars lore (among other reasons I describe)

Aleph One's article "Smashing The Stack For Fun And Profit" appeared in Phrack on 1996-11-08. The 30th anniversary of that paper will be in 1142 days.

What can we do between now and then to show him that we're finally taking the matter seriously? #memorySafety #secureByDesign

Two core Unix-like utilities, sudo and su, are getting rewrites in Rust - Invoking another user's privileges to execute a command. (credit: Cavan Ima... - https://arstechnica.com/?p=1935564 #rustprogramminglanguage #memorysafety #commandline #programming #biz⁢ #linux #tech #rust #sudo #unix #su