Searching statically-linked vulnerable library functions in executable code
https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html [googleprojectzero.blogspot.com]
2018-12-18 23:09
Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library for detecting code from other open-source libraries in executables, along with some findings of forked open-source libraries in real-world software.