Dailydave mailing list archives
Re: Automatic Exploitation Paper Peer Review
From: Julien Vanegue <julien.vanegue () gmail com>
Date: Sun, 12 Dec 2010 10:58:41 -0800
I guess many will get the joke on the (undecidable) halting problem -- still, hackish or partial solutions can be attempted and will answer sometimes.

Coming back to the main topic: industry vs academia.

Being myself a mid-product, neither fully academic nor practical mind, I have a mitigated opinion. In the case of AEG, we are in presence of high quality formal research for a security problem. I understand why Sean is annoyed by a couple of disturbing claims that everyone already identified. Exploitation is much more than input-of-death generation (else we could say a fuzzer is almost an AEG system, which clearly it is not).

Now, let me ask you: are the best security industry experts capable of such a formal development? Wouldn't their attempt be comparable to the (inverse) attempts of Brumley et al. at stepping into the exploit world, in terms of shortcomings and clumsy claims?

I don't think the folks at CMU wanted to fool anyone, they were simply under-educated in the area of exploitation. Still I find the article they wrote very valuable (just as Sean's thesis is -- maybe more comparison with his work would have been welcome, both works are more academic than anything else after all). I do not see a reason to trash academia or even the authors themselves for having over-estimated the impact of their practical contribution.

If industry or academia is seeking more respect or collaboration potential from the other side, we should all avoid giving head butts to each other and educate / be educated on what the other is better at.

My 2c,
Julien

On Dec 11, 2010, at 19:00, Chris Eagle <cse.lists () gmail com> wrote:

> On 12/11/2010 1:22 PM, Fergie wrote:
>> Something I used to tell my troops when I was in the Army ... Don't sit back in your area and bitch about something. Anyone can bitch. If you bring a problem to light, bring a potential solution as well...
>>
>> I don't mean that as harsh as it sounds when I read it back. I just mean to say that all of you smart folks who identify these problems can surely posit a solution to them....
>
> So, there's this little problem I have where given a program to analyze, all I want to know is whether it ever exits. Now having brought the problem to light, I am afraid I have no solution, perhaps you can help?
>
> Sometimes the "solution" is to point out that there is no solution, or that any potential solution is orders of magnitude more difficult than one might expect.
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave