> The point is that memory issues are a smallish number of issue compared to the larger ecosystem of vulnerabilities
If memory safety issues are 75% of exploited zero days it sounds to me like they're the biggest issue in the ecosystem by far.
> The point is that memory issues are a smallish number of issue compared to the larger ecosystem of vulnerabilities
If memory safety issues are 75% of exploited zero days it sounds to me like they're the biggest issue in the ecosystem by far.
Perhaps. But what percentage of exploits are actually zero days versus, say, 10 days or 100 days?
Most exploited code probably exists in the application layer in a high-level, memory safe language. I would wager that but I don’t have time to cite ten papers on HN.