10 Dec
2022
10 Dec
'22
1:23 p.m.
On Fri, 2 Dec 2022 15:41:48 +1300, Peter Reutemann quoted:
'[Memory-safety vulnerabilities] are now 35% of Android's total vulnerabilities versus 76% four years ago.'
Looking at the blog post in question <https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html>, it admits that the _total_ number of vulnerabilities is not coming down. However, what they say is “Memory safety vulnerabilities tend to be much more versatile” in terms of exploitability. So therefore, “With the decrease in our most severe vulnerabilities, we’re seeing increased reports of less severe vulnerability types”, and that overall is still an improvement in security.