lecture: Improving security with Fuzzing and Sanitizers

Free and open source software has far too many security critical bugs.

A bug in GStreamer could be used to own a Linux desktop system. tcpdump released a security update fixing 42 CVEs. We have far too many security critical bugs in the free and open source software stack. But we have powerful tools to find them - we just have to use them.

#Software #DeviceSecurity #Sharing

In 2014 the speaker started the Fuzzing Project. This was motivated by the fact that for many free and open source software tools it's trivial to find memory corruption bugs with fuzzing tools.

Fuzzing is the idea of testing software by feeding it malformed inputs. Modern coverage-based fuzzing tools like american fuzzy lop (AFL) and libFuzzer are vastly more powerful than previous approaches. Combined with compiler features like AddressSanitizer, they give us powerful ways to improve the security of our software.
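To make the combination concrete, here is a small libFuzzer target built with AddressSanitizer. It is an added example, not material from the talk; the record format and the function name `parse_records` are assumptions constructed for illustration.

```c
/* Build as a fuzz target (clang):
 *   clang -g -O1 -fsanitize=fuzzer,address parser.c -o parser_fuzz
 * libFuzzer supplies main() and calls LLVMFuzzerTestOneInput in a loop,
 * keeping inputs that reach new code paths and mutating them further. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy format (constructed for this example): a sequence of
 * records, each [1-byte tag][1-byte length][length bytes of value].
 * Returns the number of records parsed, or -1 on malformed input. */
int parse_records(const uint8_t *data, size_t size)
{
    size_t pos = 0;
    int count = 0;
    uint8_t value[255];               /* large enough for any 1-byte length */

    while (pos < size) {
        if (size - pos < 2)
            return -1;                /* truncated record header */
        uint8_t len = data[pos + 1];
        pos += 2;
        /* The length field comes from the input and must be checked
         * against the bytes that remain. Parsers that omit this check
         * read out of bounds in the memcpy below; under a fuzzer,
         * AddressSanitizer aborts on that read and the crashing input
         * is saved for reproduction. */
        if (len > size - pos)
            return -1;
        memcpy(value, data + pos, len);
        pos += len;
        count++;
    }
    return count;
}

/* libFuzzer entry point: one call per generated input. The return value
 * of the parser is ignored; the fuzzer only cares about crashes and
 * sanitizer reports. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    parse_records(data, size);
    return 0;
}
```
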

Info

Day: 2017-08-05
Start time: 20:50
Duration: 01:00
Room: No
Track: Curated by SHA2017
