Friday, 28 March 2025

We R in a Right Pickle With All These Insecure Serialization Formats

The term pickle has become synonymous with insecurity in the modern Python community, and yet it remains one of the most prevalent serialization formats in the Python ecosystem. However, pickle, despite its wide use, has been talked to death. In this talk, we will take a step back and look at the root problem: the use of bytecode-driven serialization formats. We'll dissect both pickle and RDS, R's serialization format, giving a never-before-seen deep dive into the R language's main serialization format...

By:
Kasimir Schulz | Principal Security Researcher, HiddenLayer
Tom Bonner | Vice President of Research, HiddenLayer

Full Abstract and Presentation Materials: https://ift.tt/20lzV9t

source https://www.youtube.com/watch?v=yrM1ryBaIJs
