Posted by Christian Blichmann & Robert Swiecki, ISE Sandboxing team
Many software projects process data which is externally generated, and thus potentially untrusted. For example, this could be the conversion of user-provided picture files into different formats, or even executing user-generated software code.
When a software library parsing such data is sufficiently complex, it might fall victim to certain types of security vulnerabilities: memory corruption bugs or certain other types of problems related to the parsing logic (e.g. path traversal issues). Those vulnerabilities can have serious security implications.
In order to mitigate those problems, developers frequently employ software isolation methods, a process commonly
This post first appeared on Google security. Read the original article.