SLSA compliance 52 1 Istio Security Audit, 2023 Executive summary In September and October 2022 Ada Logics carried out a security audit of the Istio project. The audit was sponsored by the CNCF and facilitated Perform a SLSA review of Istio. The audit was started with a kickoff meeting, and following that, Ada Logics had weekly meetings with the Istio team to discuss questions and issues that came out throughout the vulnerability and assigned it CVE-2022-41721. 3 Istio Security Audit, 2023 Project summary Ada Logics auditors Name Title Email Adam Korczynski Security Engineer Adam@adalogics.com David Korczynski

review 38 Conclusions 40 1 Vitess Security Audit, 2023 Executive summary In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was a new component of the security posture of Vitess from different perspectives, they also offered a level of synergy; Ada Logics found two CVEʼs during the audit which the threat model goal helped to assess. The threat model with a meeting between Ada Logics, the Vitess maintainers and OSTIF. A�er that, all three parties met regularly to discuss issues and questions as they arose during the audit. Ada Logics shared issues of

Supply-chain mitigations 45 1 Dapr security audit 2023 Executive summary In May and June 2023, Ada Logics carried out a security audit for the Dapr project. The high-level goal was to complete a holistic Project Summary The auditors of Ada Logics were: Name Title Email Adam Korczynski Security Engineer, Ada Logics Adam@adalogics.com David Korczynski Security Researcher, Ada Logics David@adalogics.com The attacker full control over the query5. 5 We have tracked this issue under “Issues found” with ID ADA-DAPR-23-3. 12 Dapr security audit 2023 Because of this attack surface from untrusted input, it is

queries are welcome. 1 https://github.com/google/oss-fuzz Executive summary In this engagement, Ada Logics worked on creating a fuzzing suite for Dapr. At the time of this engagement, Dapr was doing was to build the fundamental infrastructure and improve the fuzzing efforts in a continuous manner. Ada Logics did that by first integrating Dapr into OSS-Fuzz and add fuzzers for important APIʼs of the all fuzzers are running continuously by way of OSS-Fuzz which will report if they find any crashes. Ada Logics wrote a total of 39 fuzzers that found 3 issues - 2 of which had their root cause in 3rd-party

Example >>> move_by_idmap({ ... '5bee6e82-f4ac-468e-bd3d-13e8600250bc': Queue('name'), ... 'ada8652d-aef3-466b-abd2-becdaf1b82b3': Queue('name'), ... '3a2b140d-7db1-41ba-ac90-c36a0ef4ab1f': Queue('name')} active at 0x7f6ada6db758>, 'active_queues': ada6dbd70>, 'add_consumer': ada6dbc80>, 'autoscale': ada6dbb90>, 'cancel_consumer': cancel_consumer at 0x7f6ada6dbcf8>, 'clock': ada6db230>, 'conf': ada6d7d70>, 'disable_events': ada6db398>, u'dump_active':

equal, are evolutions of the same “ancestors”. Other similar case is gcc and gnat. The latter, an Ada compiler, is built upon the former (a C compiler), adding many patches and lots of new code. In those 4%) • Assembler: 1,300,000 SLOC (1.3%) • Tcl: 1,080,000 SLOC (1%) • PHP: 648,000 SLOC (0.62%) • Ada: 576,000 SLOC (0.55%) • Modula3: 571,000 SLOC (0.55%) Below 0.5% we find some other languages: Java editor), Gnat (the GNU Ada95 compiler) and QTEmbed- dedFree (the QT Embedded GUI library). The main language for them is C, however, in Emacs we’ll find a lot of LISP code, and a lot of Ada in Gnat compiler

. 60 2.4 Operações de gestão avançada de pacotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 2.4.1 Operações de gestão avançada de pacotes com linha de comandos . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 2.13 Lista de operações de gestão avançada de pacotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 2.14 O conteúdo Consome mais memória e é mais lento. • O aptitude oferece um busca baseada em expressões regulares avançada em todos os meta-dados dos pacotes. • O aptitude pode gerir várias versões de pacotes sem utilizar

analysis and guidance • WG23 Vulnerabilities ISO for C, C++, Ada, Fortran, … • Guidelines for teamleads • Reviewed with each ISO C, C++, Ada, Fortran help Which one to choose and what is the difference

Herb Sutter 9/21/2020 25 51 Initialize before use. Precedent in Ada: Simple enough to teach in “Lesson 2” (www.functionx.com/ada/Lesson02.htm). Precedent in C#: Enforced, millions of non-expert programmers

programming language published 2001 D programming language published with Contracts support 2012 Ada programming language gains Contract support 2024 We are here13 Copyright (c) Timur Doumler | programming language published 2001 D programming language published with Contracts support 2012 Ada programming language gains Contract support 2024 We are here 2004 First C++ proposal ("D-like