Why are memory-corruption bugs still a thing?

The challenges of securing software at an assembly level

Doug Britton
CTO, RunSafe Security Inc.

10:30-11:30 Monday, 8 April 2019, ITE346

Methods to chip away at the danger of memory-corruption bugs have been available for some time.  Why has the going-price of memory-corruption-based exploits not spiked?  If the methods were have a broad-based result in mitigating exploit vectors, there would be a reduction in supply, causing an increase in prices.  Also, there would be a reduction in the pool of people qualified to develop zero-days, allowing them to push the prices up.  The data suggest that prices have remained generally stable and attackers are able to move with impunity.  What are the challenges to large-scale adoption of memory-corruption based mitigation methods. 

Doug Britton serves as Chief Technology Officer and Director of RunSafe Security, Inc. Mr. Britton Co-founded Kaprica Security, Inc., in 2011 and serves as its Chief Executive Officer. Prior to his leadership role in Kaprica, Mr. Britton was a cyber-security focused research and development manager at Lockheed Martin. He has an MBA and MS from University of Maryland and a BS in Computer Science from the University of Illinois.