{"id":4093,"date":"2022-09-20T09:00:25","date_gmt":"2022-09-20T07:00:25","guid":{"rendered":"https:\/\/sanctuary.dev\/?p=4093"},"modified":"2022-09-26T10:22:35","modified_gmt":"2022-09-26T08:22:35","slug":"managing-run-time-vulnerabilities","status":"publish","type":"post","link":"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/","title":{"rendered":"Managing Run-Time Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4093\" class=\"elementor elementor-4093\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-51504da nd-elementor-section-full elementor-section-height-default elementor-section-height-default\" data-id=\"51504da\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b4cd865\" data-id=\"b4cd865\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ed5add9 elementor-widget elementor-widget-text-editor\" data-id=\"ed5add9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"nd-font-size-intro\">Managing run-time vulnerabilities is a rather nasty problem of modern software engineering. In this post, we will examine a number of approaches that have been proposed and implemented by the security community. 
Some approaches aim at <em>preventing<\/em> the existence of bugs, some others aim at <em>finding<\/em> the bugs before the code is deployed, and yet others aim at making existing bugs harder to exploit in the field.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a54d028 nd-elementor-section-big elementor-section-height-default elementor-section-height-default\" data-id=\"a54d028\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f9a9429\" data-id=\"f9a9429\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1f9dbdd elementor-widget elementor-widget-nd-image\" data-id=\"1f9dbdd\" data-element_type=\"widget\" data-widget_type=\"nd-image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<div class=\"nd-image\">\n                \n    \n        \n                <div class=\"d-flex flex-wrapper align-items-start\">\n                                            <img decoding=\"async\" style=\"\" src=\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches.png\" class=\"full-image skip-lazy\"  srcset=\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches.png 1920w, https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-720x440.png 720w, https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-1620x990.png 1620w, https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-1162x710.png 1162w, 
https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-1536x938.png 1536w, https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-18x12.png 18w, https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/Vulnerability-Management-Approaches-480x293.png 480w\" sizes=\"(min-width: 768px) 100vw, 100vw\" alt=\"Overview Vulnerability Management Approaches\">\n                                    <\/div>\n            \n        \n        \n    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7266d3b nd-elementor-section-full elementor-section-height-default elementor-section-height-default\" data-id=\"7266d3b\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a973b97\" data-id=\"a973b97\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-60efb47 elementor-widget elementor-widget-text-editor\" data-id=\"60efb47\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2 id=\"preventing-run-time-vulnerabilities\">Preventing Memory Corruption<\/h2>\nThe most radical approach is to try and prevent run-time vulnerabilities from ever being introduced in the application. As an example, switching from a memory-unsafe language like C (which places the burden of memory management on the programmer) to a memory-safe language like Rust or Python inherently prevents a number of classes of memory-corruption vulnerabilities. 
Similar effects, although harder to prove, can be achieved with developer education and strict coding conventions.\n\nWhile valuable, these approaches do not help projects with existing codebases written in memory-unsafe languages.\n<h2 id=\"finding-run-time-vulnerabilities-before-deployment\">Finding Bugs Before Deployment<\/h2>\nA second approach for managing run-time vulnerabilities is to acknowledge the likely presence of memory-corruption vulnerabilities in a codebase and to try to find them before deployment to a production environment. This can be done using a number of techniques:\n\n<ul class=\"ul default-list\">\n \t<li><span>A comprehensive test suite can be useful to ensure that the code performs in accordance with the specification. However, human-written test suites tend to focus on <em>intended<\/em> functionality, while vulnerabilities are by definition <em>unintended<\/em>.<\/span><\/li>\n \t<li><span>Automated software testing, or <em>fuzzing<\/em>, can be used to automatically construct interesting test cases and explore any reachable branch of the program. Fuzzing is a very effective technique for finding bugs, and we use it extensively at SANCTUARY to uncover complex bugs in our software during development. However, it does not give any guarantee about the absence of further bugs in the program.<\/span><\/li>\n \t<li><span>Static analysis tools can detect and report a number of coding patterns that go against best practices and often lead to run-time vulnerabilities. One popular tool is the <a href=\"https:\/\/clang-analyzer.llvm.org\/\">Clang Static Analyzer<\/a>, which can easily be added to an LLVM-based compilation flow, and is also one approach that we use at SANCTUARY to ensure high code quality. While static analysis tools help ensure good code quality, they also frequently raise false warnings.<\/span><\/li>\n \t<li><span>Formal methods can be used to prove that the program behaves according to a specification. 
This is a very powerful guarantee; however, formally verifying the correctness of a program can require a significant amount of human effort. As a result, it scales poorly to complex software. Applying formal methods to legacy code is even harder, and often a compromise has to be made on which parts should get verified.<\/span><\/li>\n<\/ul>\nApplying these techniques usually leads to the discovery of many bugs. However, unless formal methods are used, it is impossible to guarantee that the application is bug-free. As a result, <em>run-time mitigations<\/em> should be deployed as well.\n\n<h2 id=\"mitigating-existing-run-time-vulnerabilities\">Mitigating the Ones That Slipped Through<\/h2>\nThe last approach for managing run-time vulnerabilities acknowledges that, even after thorough testing, there are likely still memory-corruption vulnerabilities that have not been discovered. Hence, the idea is to put in place <em>mitigations<\/em> that aim at making vulnerabilities harder to exploit. Run-time mitigations can be categorized according to their operating principle:\n\n<ul class=\"ul default-list\">\n \t<li><span>Defenses based on <em>software diversity<\/em> (or randomization) automatically change some detail of the application that the attacker needs to know in order to mount the attack. The application\u2019s functionality is unchanged, but the attacker now lacks some information that is required for the attack. As an example, a common mitigation is to randomize the location of the application\u2019s code in memory. Randomization defenses are conceptually simple and generally enjoy good compatibility and low performance overhead. Still, if the adversary is able to guess or somehow disclose the randomization secret, the mitigation stops being effective. 
Hence, at SANCTUARY, we combine randomization with the two other mitigations mentioned below.<\/span><\/li>\n \t<li><span>Defenses based on <em>integrity checks<\/em> instrument the application in order to enforce some security property. A prominent example is Control-Flow Integrity (CFI), which ensures that the actual control flow of a program complies with a control-flow graph (CFG) that can be generated from the program\u2019s source. While CFI gives deterministic security guarantees, generating accurate CFGs is very challenging, so approximate CFGs have to be used, which reduces the accuracy of the protection. Moreover, CFI does not protect against attacks that do not deviate from the theoretical CFG; these include simple attacks that just read some data from memory and more complex data-only attacks.<\/span><\/li>\n \t<li><span>Defenses based on <em>memory isolation<\/em> aim at partitioning the application into smaller components and enforcing barriers between them, so that a vulnerability in a component cannot be used to attack a different one. As an example, Trusted Execution Environments (TEEs) use hardware-enforced memory isolation to ensure their integrity and confidentiality. This is also the core concept of the <a href=\"https:\/\/sanctuary.dev\/solutions\/consolidation\/\">Sanctuary Embedded Consolidation<\/a>. Yet a vulnerability can still exist inside a single component; to address this, we at SANCTUARY leverage the former two mitigations in combination with extensive testing.<\/span><\/li>\n<\/ul>\nThese mitigation principles can also be combined: as an example, a defense like CFI can be employed inside a TEE. 
Further, <a href=\"https:\/\/sanctuary.dev\/solutions\/security-services\/\">monitoring<\/a> can be used to detect resulting anomalies.\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Run-time vulnerabilities are a nasty problem of modern software engineering. In this post, we examine a number of approaches that have been proposed and implemented by the security community. Some approaches aim at preventing the existence of bugs, some others aim at finding the bugs before the code is deployed, and yet others aim at making existing bugs harder to exploit in the field.<\/p>\n","protected":false},"author":11,"featured_media":4112,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-4093","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-know-how"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Managing Run-Time Vulnerabilities - SANCTUARY<\/title>\n<meta name=\"description\" content=\"Managing run-time vulnerabilities is a nasty problem of modern software engineering. In this post, we examine approaches to address them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Managing Run-Time Vulnerabilities - SANCTUARY\" \/>\n<meta property=\"og:description\" content=\"Managing run-time vulnerabilities is a nasty problem of modern software engineering. 
In this post, we examine approaches to address them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"SANCTUARY\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-20T07:00:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-26T08:22:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/HackerCode.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"821\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tommaso Frassetto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sanctuary_dev\" \/>\n<meta name=\"twitter:site\" content=\"@sanctuary_dev\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\"},\"author\":{\"name\":\"Tommaso Frassetto\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/5ae917b53e37c76258cccc3f7463cad0\"},\"headline\":\"Managing Run-Time 
Vulnerabilities\",\"datePublished\":\"2022-09-20T07:00:25+00:00\",\"dateModified\":\"2022-09-26T08:22:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\"},\"wordCount\":871,\"publisher\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/HackerCode.jpg\",\"articleSection\":[\"Know-how\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\",\"url\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\",\"name\":\"Managing Run-Time Vulnerabilities - SANCTUARY\",\"isPartOf\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/HackerCode.jpg\",\"datePublished\":\"2022-09-20T07:00:25+00:00\",\"dateModified\":\"2022-09-26T08:22:35+00:00\",\"description\":\"Managing run-time vulnerabilities is a nasty problem of modern software engineering. 
In this post, we examine approaches to address them.\",\"breadcrumb\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/HackerCode.jpg\",\"contentUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/HackerCode.jpg\",\"width\":1200,\"height\":821,\"caption\":\"Managing run-time vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/managing-run-time-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sanctuary.dev\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Managing Run-Time Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#website\",\"url\":\"https:\/\/sanctuary.dev\/en\/\",\"name\":\"SANCTUARY\",\"description\":\"The Embedded Security 
Experts\",\"publisher\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sanctuary.dev\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\",\"name\":\"SANCTUARY\",\"url\":\"https:\/\/sanctuary.dev\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/07\/sanctuary_linkedin_logo_v4.png\",\"contentUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/07\/sanctuary_linkedin_logo_v4.png\",\"width\":1841,\"height\":1841,\"caption\":\"SANCTUARY\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/sanctuary_dev\",\"https:\/\/www.linkedin.com\/company\/sanctuary-dev\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/5ae917b53e37c76258cccc3f7463cad0\",\"name\":\"Tommaso Frassetto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2fe19fd55fdeee8289a9a527ffa7307c3f17c8cd85e2f168d3ab04a3497e1876?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2fe19fd55fdeee8289a9a527ffa7307c3f17c8cd85e2f168d3ab04a3497e1876?s=96&d=mm&r=g\",\"caption\":\"Tommaso Frassetto\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Managing Run-Time Vulnerabilities - SANCTUARY","description":"Managing run-time vulnerabilities is a nasty problem of modern software engineering. 
In this post, we examine approaches to address them."},"_links":{"self":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/4093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/comments?post=4093"}],"version-history":[{"count":133,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/4093\/revisions"}],"predecessor-version":[{"id":4709,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/4093\/revisions\/4709"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/media\/4112"}],"wp:attachment":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/media?parent=4093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/categories?post=4093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/tags?post=4093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}