Blog post: Winning the race against TOCTOU vulnerabilities in C & C++

Hi all,

We just published a new blog post about the TOCTOU vulnerability. You’ll learn:

  • what it is
  • why it’s serious
  • how you can find it in your C and C++ code
  • what you can do about it

Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I’m proud to announce a step forward for defenders with a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long-form as Time Of Check (to) Time Of Use.

Read the rest in the blog

 
:smiley:
Ann
