oss-sec mailing list archives
Re: Re: Fuzzing project brainstorming
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 20 Nov 2014 20:23:09 +0100
On Thu, 20 Nov 2014 08:52:15 -0800 "M.T. Roebuck" <marvint.roebuck () inbox lv> wrote:
Maybe my problem is that your proposal seems herculean to me but can't help to think it's a reminder or sign that we need to think past the current state of things.
Compared to "starting from scratch" starting such a fuzzing project is not herculean, it's more like grabbing the low hanging fruit. But arguments alike come up every now and then. Basically you'll hear two things: "We have to mitigate / sandbox" and "please rewrite everything in [insert favorite non-C programming language]". I don't want to downplay either of these approaches. It's just that you have to be realistic. Nobody will rewrite everything from scratch in rust/go/haskell/whatever any time soon. There are a few interesting projects that try to rewrite key sofware in safer languages (mitls and servo come to mind), but they are few and none of them is in a production state. Our systems we have today - the ones we use to have this discussion, manage our bank accounts and surf the web - have imperfect software written mostly in unsafe languages. I feel fuzzing can improve the state of things a lot. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
signature.asc
Description:
Current thread:
- Re: Fuzzing project brainstorming, (continued)
- Re: Fuzzing project brainstorming Kurt Seifried (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Sven Kieske (Nov 20)
- Re: Fuzzing project brainstorming Amos Jeffries (Nov 20)
- Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
- Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
- Re: Fuzzing project brainstorming Alexander Cherepanov (Nov 20)
- Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Kurt Seifried (Nov 20)
- Re: Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Re: Fuzzing project brainstorming Daniel Kahn Gillmor (Nov 20)
- Re: Fuzzing project brainstorming M.T. Roebuck (Nov 21)