Researchers from Georgia Tech have discovered an emerging class of C++ bugs, and Facebook has awarded them US$100,000 for their efforts.
The bugs are rooted in a new method for identifying “bad casting” vulnerabilities in C++ programs casted dynamically or statically at runtime. The researchers, who presented their findings at the USENIX Security ’15 conference, recommended combining both static and dynamic analysis to detect bad C++ type casts.
