Shortlog - a log of everyday things



My friend Nick Zentay got into grad school, fully funded, at Texas A&M! I am proud of him.

Taint tracking has to be the most underwhelming security tool I have ever heard of. It simultaneously produces too many false negatives and too many fakse positives. Any attept to reduce one increases the other, and both mistakes can be easily triggered by benign code and malware alike. It balloons completely out-of-control, unless you designed the whole program you're analyzing with taint tracking in mind, in which case you already reap the benefits of privilege separation thanks to a clean architecture. I'm a little frustrated that we spent so long in Security today talking about such a fundamentally flawed idea. Time to read some refutation papers (and then the refutations of the refutations).