FifthGraalAdventures
From APIDesign
(→Designing for Security) |
(→Designing for Security) |
||
Line 5: | Line 5: | ||
This item has already appeared in [[FourthGraalAdventures|last year's report]], but it is important to remind it again in the light of new consequences. In summer 2019 [[Oracle]] ethical hacker team decided to attack [[GraalVM]]. They succeeded and managed to escape the [[Truffle]] framework scripting sandbox. However they were testing an older [[GraalVM]] release candidate and meanwhile [[I]] was working on [[FourthGraalAdventures#Universal_Secure_Scripting_API|secure scripting API]] which made it into the first customer release of [[GraalVM]]. It turned out that the attack vector was fully eliminated by my secure fixes! | This item has already appeared in [[FourthGraalAdventures|last year's report]], but it is important to remind it again in the light of new consequences. In summer 2019 [[Oracle]] ethical hacker team decided to attack [[GraalVM]]. They succeeded and managed to escape the [[Truffle]] framework scripting sandbox. However they were testing an older [[GraalVM]] release candidate and meanwhile [[I]] was working on [[FourthGraalAdventures#Universal_Secure_Scripting_API|secure scripting API]] which made it into the first customer release of [[GraalVM]]. It turned out that the attack vector was fully eliminated by my secure fixes! | ||
- | Being a [[good]] architect is an [[InvisibleJob]], but when you predict future problems, address them and then a hacking attack proves you were right, then you | + | Being a [[good]] architect is an [[InvisibleJob]], but when you predict future problems, address them and then a hacking attack proves you were right, then you deserve to be called an architect! |
Revision as of 06:34, 17 June 2020
Fifth year has passed since I joined OracleLabs and it is time to look back and summarize.
Designing for Security
This item has already appeared in last year's report, but it is important to remind it again in the light of new consequences. In summer 2019 Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However they were testing an older GraalVM release candidate and meanwhile I was working on secure scripting API which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!
Being a good architect is an InvisibleJob, but when you predict future problems, address them and then a hacking attack proves you were right, then you deserve to be called an architect!