Dailydave mailing list archives

Re: Some Sums


From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 12 Feb 2007 00:58:46 -0500 (EST)


Tom Ptacek said:

> 2. A lot of people are "finding" things simply by being the first to
> aim someone else's fuzzer at them. I'm not sure what this implies, but
> it implies something.

It's a reflection of the disjointed, disorganized, competitive,
non-cooperative nature of the vuln research discipline - at least as
far as I can tell as an outsider.  The fact that some important vulns
are found by multiple researchers is also a reflection of this
problem, which is at least a problem from the "secure all software for
the public good" perspective - maybe not from other perspectives :)

And/or, maybe fewer people are using fuzzers than assumed - I'd be
interested in hearing what the fuzzer people think.

One of the ideas I'll probably never get to implement is to do a chart
of major technologies, which vuln types have been found in those
technologies, and/or which fuzzers have been aimed at them.  That
chart would probably have tons of holes in the beginning, but it might
at least provide one small mechanism for pointing industrious people
in different directions.  Take VoIP for example - it's kind of a shame
that most VoIP vulns are still in the minimal-complexity, pre-auth,
core functionality, obvious "Ax999" and "../../" manipulation stages.
Somebody industrious could totally steal this idea (with my blessing)
and put a few days of work into it and make something nice out of it,
but eh - easier said than done by somebody else.

- Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

