We just published a new blog post about the TOCTOU vulnerability. You’ll learn:
- what it is
- why it’s serious
- how you can find it in your C and C++ code
- what you can do about it

Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I’m proud to announce a step forward for defenders with a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long form as Time Of Check (to) Time Of Use.