Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I see the book is from late 2006. An honest question for better understanding the security research field: how and how come is it still relevant? Things like algorithms (a la TAOCP) I can understand, as if you prove for example a lower bound for a class of algos it will stay like that forever, but in security research I would imagine the people involved protecting themselves from what is now 6 years old bad practices.


Two reasons.

First, because TAOSSA is an extremely good book.

Second, because TAOSSA deals with the fundamentals of vulnerabilities (with an intense focus on memory corruption issues).

The mainstream exploitation of memory corruption has evolved rapidly over the last 5 years or so, but the vulnerabilities themselves haven't changed. Use-after-free- style object lifecycle bugs are as old as Phrack.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: