memory-safety
Safeguard articles tagged "memory-safety" — guides, analysis, and best practices for software supply chain and application security.
37 articles
Memory safety in C/C++: the vulnerability classes that won't go away
Microsoft found ~70% of its patched CVEs trace to memory-safety bugs. Here's how buffer overflows, use-after-free, and double-free still happen — and what actually catches them.
Integrating C/C++ security scanning into CI pipelines
Roughly 70% of CVEs Microsoft assigns each year are memory-safety bugs. Here's how to catch them in C/C++ CI pipelines before they ship.
A hands-on stack buffer overflow in C++: root cause and mitigations
The Morris Worm hit ~6,000 machines in 1988 via one unsafe gets() call. We build and hijack a stack overflow in C++ to teach why canaries and ASLR exist.
Modern C++ security: smart pointers, bounds checking, and static analysis
Microsoft has said for years that ~70% of the CVEs it patches trace to memory-safety bugs — here's how modern C++ actually closes that gap.
The most common C++ vulnerability classes, and the tooling that catches them
Memory-safety bugs account for roughly 70% of high-severity CVEs in large C/C++ codebases at Microsoft and Google. Here's why, and what actually stops them.
Buffer Overflow Vulnerabilities: A Practical Guide
Buffer overflows write past the end of a memory buffer, corrupting adjacent data and often reaching code execution. Here is how they work and how to prevent them.
Memory-Safety Vulnerabilities in C/C++: What Static and Dynamic Analysis Actually Catch
Roughly 70% of the CVEs Microsoft and Google's Chrome team assign each year trace to memory-unsafe C/C++ code — how static analysis, sanitizers, and fuzzers each catch a different slice of it.
C/C++ security in automotive software-defined vehicles
MISRA C:2025 now spans roughly 225 guidelines and explicitly covers AI-generated code — but memory-safety bugs still drive roughly 70% of the vulnerabilities patched in major C/C++ codebases.
Identifying memory safety bugs with Valgrind
Valgrind's Memcheck catches use-after-free, leaks, and buffer overruns in unmodified C binaries — at the cost of running your program 10-50x slower.
When Node.js sandboxing stops at the C++ boundary
Node's permission model can block a native addon from loading at all — but once it's in, a single buffer overflow in C++ can corrupt the whole process.
What PHP's use-after-free bugs teach us about dynamic-runtime memory safety
Check Point disclosed three PHP 7 unserialize zero-days in 2016 alone. A decade of PHP use-after-free CVEs shows memory-safety risk doesn't end at the C/C++ boundary.
An introduction to C and C++ memory-safety vulnerabilities
Microsoft has reported that roughly 70% of the CVEs it patches each year trace back to memory-safety bugs — here's what buffer overflows, use-after-free, and double-free actually look like.