From YouTube: Memory Safety Sig (May 25, 2023)
A
Make sure, Crow, but you are a host or co-host or something, because I don't want to leave and suddenly kill this thing. Right, all right, so I'm the host. All right, can make you co-host.
E
My friend, always great to see you. I'm glad that you're back. You was, you, you were missed. I believe you were on PTO, but it's not by the time. If your PTO came, everyone knew you were on PTO, because the question started to fly. Things start to fall apart. It feels a bit of hellfire and brimstone, all kinds of things.
D
Sure, so welcome everyone to the Memory Safety SIG meeting. On the agenda: do we have any new friends that would like to introduce themselves today?
C
My name is Mikey, basically trying to figure out what all the work groups are working on in, under the OpenSSF. So it's been a journey.
D
It is. Hi Mikey, nice to meet you. Go ahead, please, and fill your name. It's the doc that I just linked.
D
Yeah, okay, so you can see my screen, right? The right screen, the PR screen. I'm good, okay. So this started from this Google doc, which is also placed in the, in the chat.
D
So what do you, what does the group think? Should we go over the entire text? Should we, like, review the whole document as it is now and...
D
And specifically, there are two to-dos, which I thought we can assign maybe specific people to, or if we find them, right. So we have the... What was that? Right. So we plan to work on five parts: whenever possible, move the internet's most critical software to memory safe by default languages, with an efficient strategy that emphasizes upgrading the most security-sensitive components first. And each one of those parts is then extended in the next section.
A
I, I guess maybe the question here is, yeah, I'm not doing the side-by-side comparisons. Is this significantly changed from the stream, from the mobilization plan, and, if so, where?
D
Exactly, and that's also where we need some help with extending those, right, because we have, right, the first one, moving critical software, that is based mostly on Prossimo, yep, and I, I feel it's quite well explained. Investing in safer system development tools, also quite a bit of text here. However, the latter two don't have enough text, and I guess after we merge this PR, maybe an action item for the, for the next two weeks is to go over this.
A
I, I do think that if you keep it out of mainline for a long time, it can get very complicated and confusing. If it's clearly marked as a to-do, as long as there's an agreement that that's going to be worked, completely, to do, I'd rather go ahead and merge it in and keep working, as opposed to constantly keeping out, out of band. We had a, I remember.
B
Yeah, I'll say I endorse getting this in. To get, I will be glad to help contribute to some words under the education part, and just wherever in general, I'll provide feedback as I kind of do a closer read.
A
And I can commit to, you know, making at least some proposed tweaks for the, for the third part. In fact, I proposed an agenda item, an item specifically related to that, so I...
A
So I think, I mean, I'm not, I'm not saying I can write all of it and everything, but I can at least provide something, and then other people, I'm sure, can have their own suggestions too.
F
I, I can volunteer for part three as well. Fantastic.
D
Thank you. Thank you. Gabriel, I just saw your comment, or so, Gabriel, on the chat. I tried to walk through some of the comments here. It looks like most of it is integrated. For some things, which I haven't found, for instance, we wanted to add a reference to the NSA's cyber information sheet. Don't think that was integrated yet, but I think most of Gabriel's points were.
F
Unfortunately, no, I did not. I think, well, I think we could, I don't know if this makes sense, to turn some of these comments into Git issues or, or pull requests, and I don't know which one of them, and if we, you know, we...
F
What, what needs to be done? I don't know what the group thinks.
F
Yeah, so I guess I'll go through the comments again and then see which ones were not integrated, so I'll just open issues or pull requests. I don't know how you want to handle it.
F
Okay, awesome. Thank you. Sorry for video on my side not showing up, but somehow this machine has decided that its camera won't talk to the rest of your personal system. Yeah.
A
Do we want to merge this PR and then try to create other PRs to fill in the to-do gaps? Is that the theory here?
D
We do. There is an issue with the linter.
D
So I will, I will work with nail tool to fix that, and then we can... Oh, I think we should fix that right before merging.
A
Okay, yeah, but if you can work with no and, and do that sooner... But sounds like the group is generally okay with merging once we fix the, the market, yeah, yeah.
D
Do we want to manage the to-dos as issues, since we know we already are going to do them, and maybe third way to not lose track of those? Sure. So that sounds like a great idea.
A
Yep, yep, yep, but I'm going to want to wait on the PR being merged, because it'll be much easier to merge into it.
A
Yeah, it's on the, yeah, tip. By default, on the top of the screen, scroll and try to scroll past the top of your screen, going up, and there'll be a drop-down that will let you do things like stop sharing. Got it. There we go.
D
So next on the agenda, we have David. David, do you want to, yeah.
A
Don't need to do that, but, okay, basically, my question is: are techniques to improve memory safety in C++ and C, in C and C++, in scope? Sounds like, given this PR that we've accepted in principle,
A
The answer is yes, because that's part three. I've been following, in particular, the Linux kernel folks have been, as well as trying to adopt C for writing drivers, they have been actively taking steps to try to change the C code to make, to counter at least some memory safety problems. It's very, very hard to counter some of them in C, but some of the most common ones all involve buffer overflows, and there's a lot of techniques that you can use in C and C++ to counter buffer overflows.
A
Some are just simple compiler flags, but there are also techniques, newer techniques, that are being developed, and I don't... What's weird, though, is there doesn't seem to be a spec that says: do this and the problem goes away. Like Kees Cook
A
has some awesome, has some documentation about how they're changing how flexible arrays work, bounded flexible arrays work, and the GCC and Clang folks in particular are planning to add some attributes to make it much, much easier for a compiler to know what the bound, what, well, both compile time and run time, what the bounds of arrays are in C, and...
A
Oh, okay, yeah, excellent. Let's add that too. I see in the chat there's another link. See also, yeah, yeah. You know, so basically the bounded flexible array stuff is, it's really common in C to have a structure where the last element of the structure is an array with an unknown bound length. Historically in C, well, if you go back enough, you would say you create an array of size one and then you ignore that and do something different, and that's a terrible idea.
A
The compiler, runtime have no idea what's going on. A non-standard approach is to say it's zero length, which works in practice, although it's not really what we're supposed to do, and they have a better, they have some better approaches that work more nicely with compilers and so on. So, you know, that sort of stuff, where: do this, not that, and here's how you do it.
A
Bringing that information from one particular project like the Linux kernel to, if you are, if you are in C and C++ and you cannot afford to rewrite, which I think is a lot of places, what can you do? That's, you know, that is a killer in, in resources and, and actually helps.
F
Yeah, so, you know, so at last meeting, whatever, the reason why we added bullet 3 was that we agreed that memory safe is not a, a binary zero-one thing, but, you know, a shade: you have a scale, and the languages like C or C++, they may not be memory safe by default. But if you have enough constructs or compilation processes in place, you can actually bring your software to a place where you minimize or reduce some of these memory safety issues.
F
That is why we explicitly added bullet three there. So what you're saying, from my perspective, given that prior agreement from the group, is directly in scope, right. So I think one of the things we could do, as part of topic number three, is have a kind of high-level description of what goes in that direction, what can be done, and then possibly provide links, external links, to folks with more in-depth description of how they can concretely move their software forward.
A
Okay, so there's an existing OpenSSF working group that is identifying compiler flags, and so what I would suggest is, and just trying to separate things out, basically, the compiler flags folks, which is also part of the Best Practices Working Group,
A
they keep doing this, and then this memory safety group might create a spec that says: here, if you're using C, here's what you can do. Point here for flags, there's various options, compiler flags is where you go, and here's some other things you can do. And that would be a potential outcome of this group. Is that a fair...
F
You know, I think that will be a very practical outcome.
F
So you, you mean having a group create a spec, for, you know, directed at the C and C++ compilers option group? Well...
A
I'm not sure spec is the right term. It may be a guide, but basically a, how's this. Let me try to type and write and think this at the same time: a potential output of this group would be a guide or a spec of how to improve, say, memory safety in C and C++, building on other work such as those. Yeah.
A
And frankly, I suspect guide is more important than a spec. A guide is probably more likely.
A
That, that is correct, and it's also specifically focused on compiler option flags. Now, obviously compiler option flags are important for this use case as well, but what they're not going to cover, for example, is, I, I mentioned the bounded flexible arrays. I think that's a useful example, because, I mean, basically bounded flexible arrays occur all over in the Linux kernel and they occur in many other C programs as well, and, but although there are some compiler option flags that help, you basically have to change the code to make those flags really work.
A
You know, it's not like you're re-, you're not rewriting it to a different programming language, but you are changing it. So I guess the most ridiculous example is, if you really, really wanted to stick with standard C and then abuse the heck out of it, you might end it with an array of size one and then ignore this array size and do your own calculations. That's a problem.
A
Okay, turns out, by the way, it's also a coding problem, because now you have inserted one-off problems everywhere, which is glorious and fun, and so, basically, you have to change the code to make it so that the arrays have, have an empty bound, and, um, more and, hopefully soon, the Clang and GCC folks will agree on extensions to actually mark within structures how to figure out the size, because in many cases there is an element somewhere in the structure
A
that tells you how many elements, but the C programming language has no way to annotate that. So, basically, you end up changing the code. It's not that you're rewriting in another language, but you are making code changes. So it's much more than a compiler flag. It's a compiler flag plus certain other conventions.
D
Mikey, here, you wrote in the chat "Boost". I'm not familiar with that. Is that a platform?
C
We also, when I used to work with C++, I, we had the, the pleasure of trying to define for the developers how, how to compile, how to, what to include, and it's also, I think, a good, good thing to understand that a lot of these security models for C and C++ are all hardware-based or compiler-based, which has a lot of effect on how developers accept this, because they may not have the support, or they don't want to push this weird plugin of GCC or, I...
A
All right, and by the way, I, I, I've added that note, and also, I think it sounded like, for example, especially for the Boost C++, for example, there may need to be a separate one for C versus C++, because, yes, there's some overlaps, but they are two different languages, and Boost, for example, won't help C++, C users, but might be a very good idea for a C++ user.
F
Yeah, so, you know, I think this, yeah, we're talking, hey, good, Boost is a good suggestion, but I think we need to be careful about what kind of recommendations we make, because I've seen many places where they explicitly banned Boost for, for various reasons, and so are we going to say if you don't use Boost you're not complying to this guide? And so I think we need a bit more discussions there, but I don't know if this meeting specifically will be the one that resolves the issues.
F
Yeah, okay, so Boost is a very large library that has been around since 1998, right after the first C++ standard came out, and it had features that worked well, others not so much. They don't have, not all the components have active maintainers. So, for example, if you have CVE things coming in, then they're not always taken care of, because, you know, you need the appropriate maintainers to, to take care of it, and so maintenance is the thing that we need to...
F
Actually, especially when we're talking about CVE, we need to actively monitor it before we recommend. Some of the components are actively developed, but not all of them.
F
Yeah, some are flame, but not, like auto pointer migrated to the standard, but other stuff were not, but they lost their maintainers, and, and it's an active conversation in the Boost community, you know, in itself. Like a couple of weeks ago, they had a huge discussion on Reddit about what to do about all these vestigial components that are used, but not maintained, in, in that sort of...
F
So this is not saying we shouldn't recommend Boost. I'm saying we need more nuanced and focused conversation about what exactly is being recommended, and, and so, and what is the, the, the, the process model for monitoring CVEs, taking care of, you know, software people are using. Got it.
D
Thanks, that was a very interesting discussion. I learned a lot. That marks the end of our agenda for today. Does anyone want to add another open to the, to the meeting? If not, everyone gets almost 30 minutes back and I get my weekend. No.
D
Thank you, same here. And so, action items. We have action items, right, for, for the next call. Crop, I can work with you on the education, if you, if you want. I'd be happy to collaborate. Yeah, like...
B
I'll put something together. Unfortunately, I don't have any permissions on this repository, so I'm just a regular old user, but I'll do some comments and I'll do a PR.
D
Thanks. Okay, so I'll pick up the review. Great. So thanks everyone, and see you on the next call. Sure, bye.