https://miscreants.github.io/blog.trailofbits.com/categories/memory-safety/Recent content in memory-safety on The Trail of Bits BlogHugoen-usTue, 16 Dec 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/Tue, 16 Dec 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/GWP-ASan is a sampling-based memory error detection tool that catches critical bugs like use-after-free and buffer overflows in production environments with near-zero performance overhead, unlike AddressSanitizer which is too resource-intensive for deployment.https://miscreants.github.io/blog.trailofbits.com/2024/05/16/understanding-addresssanitizer-better-memory-safety-for-your-code/Thu, 16 May 2024 09:00:57 -0400https://miscreants.github.io/blog.trailofbits.com/2024/05/16/understanding-addresssanitizer-better-memory-safety-for-your-code/This post will guide you through using AddressSanitizer (ASan), a compiler plugin that helps developers detect memory issues in code that can lead to remote code execution attacks (such as WannaCry or this WebP implementation bug). ASan inserts checks around memory accesses during compile time, and crashes the program […]https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/Mon, 20 Nov 2023 09:35:59 -0500https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed solutions. Some of our solutions include rewriting widely used legacy code in memory safe languages such as Rust, funding OSS solutions to improve […]