
Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers
Compilers and Interpreters Are Not Enough to Secure a Compiler
There's a long spectrum between full turn and complete interpreter. A lot of these compression algorithms, JPEG and some of these other formats that you brought up are like little interpreters. And if they're not implemented perfectly correct and you don't know that that's what it's doing, you're executing some arbitrary code.