Dailydave mailing list archives

Re: Coverage and a recent paper by L. Suto


From: "Stephen John Smoogen" <smooge () gmail com>
Date: Mon, 15 Oct 2007 16:47:34 -0600

On 10/15/07, matthew wollenweber <mwollenweber () gmail com> wrote:
> Personally, I don't understand the current trend in fuzzer research to go
> obtain full code coverage. Sure, it's nice to check everything and have a
> fuzzer traverse all the functions in the code, but maybe that's at the cost
> of doing it all poorly. If you have a fixed amount of time to do the
> assessment, I'd rather spend the time where it's needed. As you said, it's
> better to thoroughly test the code in spots where the bugs are.


However, when you are hacking someone's brain (e.g. the core of
marketing/sales) to get someone to buy your product and keep buying
your product... you want to use the magic words. Most big purchases
are going to be done by some mid-level manager who has been asked to
prepare a report on how their code looks towards hacking for some
obscure SOX report.. even if he was a hacker 2 months ago.. he has
been to so many finance meetings that all those cells went to Bermuda
and didn't leave a forwarding address.

In the time-pressed manager's brain 100% always sells better than say
10%. Even if you find 100% of the bugs in 10% of the code, and they
find 10% of the bugs in 100% of the code.. saying words like "Complete
code coverage" sits well in management's risk-averse mind.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

