CERT Releases Basic Fuzzing Framework

← Back to Stories (view on slashdot.org)

CERT Releases Basic Fuzzing Framework

Posted by timothy on Thursday May 27, 2010 @12:53PM from the this-field-cannot-be-left-blank dept.

infoLaw passes along this excerpt from Threatpost: "Carnegie Mellon University's Computer Emergency Response Team has released a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. The Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing. It includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test."

4 of 51 comments (clear)

Min score:

Reason:

Sort:

hmmm... by thatskinnyguy · 2010-05-27 14:16 · Score: 2, Funny

The worst case scenario is talking about worse case scenarios thinking about worse case scenarios and letting them possess you.

--
The game.
Re:bleh by Anonymous Coward · 2010-05-27 14:34 · Score: 1, Funny

After writing that, I had to compare the two.
Fuzz's code resides in a massive 34KB C file, undocumented and unformatted, liberal copy-pasta and no re-use, no grasp of language, about as readable as an assembly dump. Basically one big hack.
BFF is a nicely written, concise, small, and extensively documented perl script.
Yep... OSS fails to impress once more.
Re:BFF? by Daniel+Dvorkin · 2010-05-27 15:22 · Score: 3, Funny

Because it's, like, the security researcher's BFF OMG ponies!

--
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Re:axfuzz by TubeSteak · 2010-05-27 16:26 · Score: 3, Funny

Hope they didn't judge me on that code, it was a pile of crap that I kept hacking together until it finally worked, with no thought to proper software design.
That sounds like exactly the kind of code a fuzzer should be used upon.
Oh the recursion!

--
[Fuck Beta]
o0t!