
I might agree with at least one thing the MS guy said. I really do not trust the OS so I would be zeroing out memory. That is me, I am an un-trusting soul.


>I really do not trust the OS so I would be zeroing out memory.

If you don't trust the OS, don't use it. If you use it, you're giving it access to all your files, full stop.


Sounds simple but reality is much different. What if the intended users of your software use it?


Anyone using your software on a system they don't trust should have no expectation of the data being safe.


How do you trust the OS to zero out the memory when you tell it to then? You're being facetious.


Zeroing your own pages won't help. What if the OS reads in your super secret file into its cache pages which you have no control of? And those cache pages somehow got written to another process's page.


Sure, when are you doing that?

Remember, the bug "can cause arbitrary host OS pages to be written to the target file in some circumstances"

something like

   do_encryption(origin, destination)
   save_to_disk(destination)
   
You're clearing origin right before save_to_disk?

Oh I'm so sorry, destination had only been allocated for you, writing to it caused some other pages to be evicted and other processes being scheduled and the bug to be triggered and your data is still there. You lost.
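
The sequence debated in the comment above, as an added example that is not part of the thread: the plaintext buffer is wiped with stores the compiler cannot elide, before any file I/O happens. The bodies of `do_encryption` and `save_to_disk` are placeholders (the XOR is not a cipher), `secure_zero` and `encrypt_wipe_save` are hypothetical names, and the wipe reaches only this process's own buffers, not OS cache pages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores
   as dead writes to a buffer that is never read again. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Placeholder for the comment's do_encryption(): XOR with a fixed byte.
   NOT a cipher; it only gives the example something to transform. */
void do_encryption(const uint8_t *origin, uint8_t *destination, size_t n) {
    for (size_t i = 0; i < n; i++) destination[i] = origin[i] ^ 0x5A;
}

/* Placeholder for save_to_disk(): writes the buffer to a file. */
int save_to_disk(const char *path, const uint8_t *buf, size_t n) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(buf, 1, n, f);
    return (fclose(f) == 0 && w == n) ? 0 : -1;
}

/* Returns the number of non-zero bytes left in origin (0 = wiped),
   or -1 if the input is too large or the write failed. */
int encrypt_wipe_save(uint8_t *origin, size_t n, const char *path) {
    uint8_t destination[256];
    if (n > sizeof destination) return -1;
    do_encryption(origin, destination, n);
    secure_zero(origin, n);                 /* wipe before any file I/O */
    int rc = save_to_disk(path, destination, n);
    secure_zero(destination, sizeof destination);
    if (rc != 0) return -1;
    int left = 0;
    for (size_t i = 0; i < n; i++) left += origin[i] != 0;
    return left;
}

int main(void) {
    uint8_t secret[] = "constructed sample secret";  /* constructed input */
    int left = encrypt_wipe_save(secret, sizeof secret, "wipe_demo.bin");
    printf("non-zero plaintext bytes after wipe: %d\n", left);
    return left == 0 ? 0 : 1;
}
```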


> That is me, I am an un-trusting soul.

Same here. I think it's a rare person that's been living and working with computers for more than 20 years that doesn't develop an innate distrust of them or at the very least a subtle set of superstitions about how they work, how they're supposed to work, and the best way to get your work done.



