Yes, I can agree that optimal spots to hunt for vulns are places where bugs have shown up historically and may fail to patch the issue correctly. Off the top of my head, one way we can think about implementing this is by taking the execution path for a certain target, and correlating symbol names with vulnerability disclosures and their respective patches. Their presence would certainly warrant some more investigation / fuzzing time. This is actually a metric that I've thought about a bit, but I'm starting to lean more toward incorporating this as a separate auxiliary feature of the tool rather than a whole metric on its own. I'm open to your thoughts and ideas too!
Because released patches from vendors might not be correct, or researchers could try finding variants of historical bugs, the functions on the execution path could also be interesting targets to fuzz. Do you think it could be considered as one of the metrics?