Version SHA2017 20170620

lecture: Improving security with Fuzzing and Sanitizers

Free and open source software has far too many security critical bugs.

Event large

A bug in Gstreamer could be used to own a Linux Desktop system. TCPDump released a security update fixing 42 CVEs. We have far too many security critical bugs in the free and open source software stack. But we have powerful tools to find them - we just have to use them.

In 2014 the speaker started the Fuzzing Project. This was motivated by the fact that for many free and open source software tools it's trivial to find memory corruption bugs with fuzzing tools.

Fuzzing is the idea of testing software by feeding it with malformed inputs. Modern coverage-based fuzzing tools like american fuzzy lop and libfuzzer are vastly more powerful than previous approaches. Combined with compiler features like address sanitizer they give us powerful ways to improve the security of our software.

Info

Day: 2017-08-05
Start time: 20:50
Duration: 01:00
Room: No

Links:

Feedback

Click here to let us know how you liked this event.