Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...
IEEE

JasFree: Grammar-free Program Analysis for JavaScript Bytecode

Abstract: JavaScript is rapidly being deployed as binaries in security-critical embedded domains, including IoT devices, edge computing, and smart automotive applications. Ensuring the security of ...