Dailydave mailing list archives

STONESOUP


From: dave <dave () immunityinc com>
Date: Tue, 25 Aug 2009 17:46:28 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

C.F.: http://www.iarpa.gov/solicitations_stonesoup.html

To summarize the link above:
"""
 The goal of the STONESOUP program is to develop and demonstrate
technology to advance automated techniques for software analysis, to
combine them with methods for confining software execution so that known
weaknesses cannot be exploited, and to diversify software components so
that residual vulnerabilities will be more difficult for attackers to
discover or exploit. Tools that can operate on programs written in
common, type-safe languages such as Java or C#, in flexible but
harder-to-analyze languages such as C or C++, as well as programs only
available in binary format are all of interest to the program.
"""

Lately I've noticed a trend towards finding a way to force offensive
tools to become defensive tools. I think STONESOUP is one example of
this. Assuming it's not just a cover for "We want to find better bugs in
binaries" then STONESOUP is trying to take the unsolvable Google Native
Client problem and add the very hard binary analysis problem.

But it is useful to learn how many teams there are with their own
amazing static analysis tools and fantastic containment systems. :>
Everyone go home! Problem solved! :>

- -dave

And now, a word from our sponsor that you should read and then respond
to! :>

_____________________________________________________________________
Immunity Inc. is offering the below special deal for the upcoming
Hacker Halted Conference in Miami, FL.  To get the special discounted
rate you will need to email admin () immunityinc com for the promo code
to be used at time of registration online.

1. Special rate of just $999 (Normal is $1299)

2. Full Access to ALL open sessions of the conference from Sep 23 -
25, 2009

3. All lunches and coffee breaks provided for (Sep 23 - 25, 2009)

4. Attend your choice of one of the 3 following one-day trainings on
Sep 25, 2009, covering the following topics:

a) Identifying Threats and Deploying Countermeasures
b) Incident Response: Principles of Incident Handling
c) Virtualization Security: Threats Exposed
*These workshops are led by EC-Council Master Instructors and are
worth $599!

5. Free EC-Council Certification Training Courseware and Exam Voucher!
Choose one of the following:

a. EC-Council Certified Secure Programmer (ECSP) Read HERE
<http://www.eccouncil.org/ECSP.htm>
b. EC-Council Certified VoIP Professional (ECVP) Read HERE
<http://www.eccouncil.org/ECVP.htm>
c. EC-Council Disaster Recovery Professionals (EDRP) Read HERE
<http://www.eccouncil.org/edrp.htm>
*These official electronic courseware and Prometric Prime Vouchers are
worth a combined $900! ($650 + $250)
*Redeemable from Nov 1, 2009.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkqUW7QACgkQtehAhL0gheqouQCeJCHg7BS4janTGhC/kfWg9DFm
1LEAmwTwBAz+LbZExm4SCTSui3TgEC5J
=15wB
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

