Edited 7 months ago

#LangSec Bugs of the Year Awards results are in (still from X :P)!

“The Most Impactful Parser Bug Of The Year Award is given to the WebP 0day” - awarded to @benhawkes

“The hardest to fix parser bug goes to the http://Binarly.io team for the LogoFAIL bugs.”

“The Best Parser Differential Awards goes to the inconsistent interpretation of YAML foods between Go and Rust.” - There is a link on the captured slide, and I’m pretty sure it’s @joern’s bug, but I can’t find a proper CVE anywhere… seriously people, references!

“The Weirdest Machine Award goes to Ian Beer @i41nbeer @benhawkes and @saelo

Full thread with runners-up:

https://x.com/jvanegue/status/1793801911650676915


@swapgs Yeah that CVE is referenced in joernchen’s post, but the issue shown on the photo doesn’t reference a CVE or a GitLab release, so it’s hard to map. I also think the quoted part is just wrong, as the photo also shows an excerpt about Devfile and Ruby…

@swapgs On an unrelated note we have to admire that #LangSec ppl apparently chose .txt as the presentation format just to be on the safe side! :D