Golang Code Review Notes: Security Auditing and Bug Classes - Part II
By Zoltan Madarassy
Summary
This is a follow-up blog post about Golang code auditing and security. The authors previously published a resource for code auditors and security-minded engineers to reference when auditing or developing Golang projects. This new post continues that work, covering additional bug classes commonly found during Golang code auditing projects, updated for recent changes and improvements in the Go programming language.
Key quotes
A couple of years ago we published a blog post with the intention to create a resource that code auditors and security-minded engineers can refer to when auditing or developing Golang projects.
Thanks to the second law of thermodynamics time only keeps moving forward, and as any decently supported modern programming language, Go has seen a lot of changes and improvements since our first blog post.
So we decided to create this follow-up post with the same idea in mind.
