Posts by Alex Rebert

Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...

With Rust development surpassing C++ in the Android platform in 2025, we can start making reliable comparisons.

Rollback rates, code review latency, vulnerability density, and a CVE with a twist.

security.googleblog.com/2025/11/rust...

5 months ago 4 1 0 1
29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself
This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…

Secure by Design software: It’s time to stop patching and start preventing. One year left before "Smashing the Stack" turns 30—let’s make it count! 🔐💪🛡️🗓️

medium.com/@boblord/29-...

5 months ago 8 3 0 1
Memory Safety for Skeptics - ACM Queue

"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!

queue.acm.org/detail.cfm?i...

#rustlang

5 months ago 49 14 1 1
Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon For decades,...

We're joining forces with industry & academia to call for memory safety standardization: security.googleblog.com/2025/02/secu.... It's a recognition that memory unsafety is no longer a niche technical problem but a societal one, impacting everything from national security to personal privacy.

1 year ago 7 0 0 0
Blog: Level Up Your Open Source Karma (And Your Wallet) by Improving Security
This blog post takes you through everything you need to know about the Patch Rewards Program, including our newly introduced focus on memory safety (including reward multipliers!), recently increased ...

🛡️💸 We've revamped our Patch Rewards Program, extending its scope and increasing rewards for security patches – with a particular focus on memory safety, including bonus multipliers!

bughunters.google.com/blog/5273064...

1 year ago 5 2 1 0
Security Signals: Making Web Security Posture Measurable At Scale

Happy to publish the effort of my last five years: Security Signals.

research.google/pubs/securit...

1 year ago 27 7 0 1
Story-time: C++, bounds checking, performance, and compilers
Recently, several of my colleagues at Google shared the story of how we are retrofitting spatial safety onto our monolithic C++ codebase: https://security.googleblog.com/2024/11/retrofitting-spatial-s...

Had a bunch of thoughts about the recent safety stuff, way more than fit in a social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)

chandlerc.blog/posts/2024/1...

#LLVM #Clang #MemorySafety

1 year ago 95 19 1 2

The best part? It’s incredibly cost-effective, with an average performance overhead of just 0.3%. So there’s really no reason not to do it if you’re running C++ code :)

1 year ago 1 0 0 0

This improves spatial safety across Google’s services, including performance-critical components of Search, Gmail, Drive, YouTube, and Maps. We’ve already seen it disrupt a red team exercise, reduce segfaults by 30%, and improve code correctness.

1 year ago 1 0 1 0
Retrofitting Spatial Safety to hundreds of millions of lines of C++
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer Attackers regularly exploit spatial mem...

Excited to share our latest blog post on memory safety! We’re tackling spatial safety in our massive C++ codebase by hardening libc++ by default. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024/11/retr...

1 year ago 27 8 1 1