'. '

FifthGraalAdventures

From APIDesign

Revision as of 05:23, 17 June 2020 by JaroslavTulach (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

Fifth year has passed since I joined OracleLabs and it is time to look back and summarize.

Designing for Security

This item has already appeared in last year's report, but it is important to remind it again in the light of new consequences. In summer 2019 Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However they were testing an older GraalVM release candidate and meanwhile I was working on secure scripting API which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!

Retrieved from "http://wiki.apidesign.org/wiki/FifthGraalAdventures"
Personal tools
buy