oss-sec mailing list archives

Re: Re: Fuzzing project brainstorming


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 20 Nov 2014 20:23:09 +0100

On Thu, 20 Nov 2014 08:52:15 -0800
"M.T. Roebuck" <marvint.roebuck () inbox lv> wrote:

> Maybe my problem is that your proposal seems herculean to me but
> can't help to think it's a reminder or sign that we need to think
> past the current state of things.

Compared to "starting from scratch" starting such a fuzzing project is
not herculean, it's more like grabbing the low hanging fruit.

But arguments alike come up every now and then. Basically you'll hear
two things: "We have to mitigate / sandbox" and "please rewrite
everything in [insert favorite non-C programming language]".

I don't want to downplay either of these approaches. It's just that you
have to be realistic. Nobody will rewrite everything from scratch in
rust/go/haskell/whatever any time soon. There are a few interesting
projects that try to rewrite key software in safer languages (mitls and
servo come to mind), but they are few and none of them is in a
production state.

Our systems we have today - the ones we use to have this discussion,
manage our bank accounts and surf the web - have imperfect software
written mostly in unsafe languages. I feel fuzzing can improve the
state of things a lot.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
