<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Paweł Płatek on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/authors/pawe%C5%82-p%C5%82atek/</link><description>Recent content in Paweł Płatek on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Thu, 25 Sep 2025 00:00:00 -0400</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/authors/pawe%C5%82-p%C5%82atek/index.xml" rel="self" type="application/rss+xml"/><item><title>Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/</link><pubDate>Thu, 25 Sep 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/</guid><description>We created a CodeQL query that reduced 2,500+ compiler warnings about implicit conversions in OpenVPN2 to just 20 high-priority cases, demonstrating how to effectively identify potentially dangerous type conversions in C code.</description></item><item><title>Continuous TRAIL</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/03/03/continuous-trail/</link><pubDate>Mon, 03 Mar 2025 00:00:00 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/03/03/continuous-trail/</guid><description>Learn how to integrate TRAIL threat modeling into your SDLC, adapt and maintain models as your system evolves, and use them to identify security control gaps.</description></item><item><title>A few notes on AWS Nitro Enclaves: Attack surface</title><link>https://miscreants.github.io/blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/</link><pubDate>Tue, 24 Sep 2024 09:00:36 
-0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/</guid><description>In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads.
But with great power comes great responsibility, and potential security pitfalls. As pioneers in confidential computing security, we at
Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these
hardened environments.</description></item><item><title>A few notes on AWS Nitro Enclaves: Images and attestation</title><link>https://miscreants.github.io/blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/</link><pubDate>Fri, 16 Feb 2024 09:30:32 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/</guid><description>AWS Nitro Enclaves are locked-down virtual machines with support for attestation. They are Trusted Execution Environments (TEEs), similar to Intel SGX, making them useful for running highly security-critical code. However, the AWS Nitro Enclaves platform lacks thorough documentation and mature tooling. So we decided to do some deep research into it […]</description></item><item><title>Publishing Trail of Bits’ CodeQL queries</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/</link><pubDate>Wed, 06 Dec 2023 08:30:25 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/</guid><description>We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed. This new release of a continuously updated repository of CodeQL queries joins our public Semgrep rules and Automated Testing Handbook in an effort […]</description></item></channel></rss>