llsoftsec
Consider context section on why software security is different for compilers
Consider whether there would be value in adding a section around why software security is different for compilers than other software categories.
Tentative section header: "Importance of software security for compilers"
Topics/subsections to cover:
- General overview of compiler specific attacks
- How the attacks differ from other software categories
- History of compiler vulnerabilities
- The potential impact of poor software security in compilers
This would be a relatively high level section near the start which would help set the context (and justification) for the rest of the book.
Thank you for sharing this suggestion @lyndon160 !
Your suggestion is making me realize that maybe we should model the security topics in the book as split between:
- A compiler is a piece of software, just like any other. It may have specific typical vulnerability classes that general software does not have. It seems that maybe the ideas raised in #45 and #46 map into this?
- A compiler, as a tool that translates software from one representation to another (binary) one, is well-placed to apply mitigations and hardening techniques for general software.
At the moment, at least I was thinking almost exclusively about the second class of topics for the scope of this book. Making it very clear that compilers have the above two roles could be very helpful in avoid confusion and bringing more structure to the content of the book, making it easier to process.
![allcontributors[bot] avatar](https://avatars.githubusercontent.com/in/23186?v=4 "Published by a pub.dev verified publisher"){kind=small}
Reading through PR #80 had me wondering about a related question. Are interpreters considered 'in-scope' in the book? That might inform this context section if distinctions need to be made on security issues concerning AOT, JIT compilation vs. interpreted languages.
