
All Questions

1 vote
1 answer
107 views

Is switching my C/C++ compiler for security testing generally reliable?

If I am shipping a program to my customers which is compiled with GCC, but I want to test the security of the program using Clang, is this generally okay, or will I miss certain security bugs because ...
the_endian

2 votes
1 answer
425 views

Does recompiling a binary from source code make it more secure/obscure?

Using standard hardening options like PIC, Stack Protection ... does a mere recompilation make a program more secure against attacks? You have the source code of a program, compile it two times with ...
plsrespond

2 votes
2 answers
188 views

Does removing features from a library increase or reduce security risks?

Software libraries targeting resource constrained environments like embedded systems use conditional compilation to allow consumers to shave space and thus increase performance by removing unused ...
TZubiri

3 votes
1 answer
860 views

How is compiling a program from source more secure?

When downloading compiled binaries for programs it is very important to check GPG signatures, Authenticode, hashes, etc. However, I often see people who say that compiling the code from source is the ...
rubberband876

1 vote
2 answers
276 views

What are the security trade-offs of using reproducible builds?

From reproducible-builds.org: Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers. In ...
Philipp Claßen

9 votes
1 answer
730 views

Are there any type safe languages with deterministic compilers?

This article about BIND9 concludes with the statement: The point I'm trying to make here is that BIND9 should not be exposed to the public. It has code problems that should be unacceptable in this ...
makerofthings7

1 vote
2 answers
213 views

Can pre-compiled binaries be different than if someone builds from source himself?

Given that I have an "acceptable" source code of some program (Tor was mentioned in a previous version of this question), where "acceptable" means that I trust this source code and want to use it for ...
Mars

7 votes
2 answers
2k views

In Visual Studio, what are the risks of simply opening an untrusted project? What are the mitigations?

I'm looking at the source code of some potentially hostile code. As usual, VS 2012 is giving me the security warning: "You should only open projects from a trustworthy source" ... "ask me for every ...
makerofthings7
