Slashdot Mirror

← Back to Stories (view on slashdot.org)

CERT Releases Basic Fuzzing Framework

Posted by timothy on Thursday May 27, 2010 @12:53PM from the this-field-cannot-be-left-blank dept.

infoLaw passes along this excerpt from Threatpost: "Carnegie Mellon University's Computer Emergency Response Team has released a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. The Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing. It includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test."

4 of 51 comments (clear)

Min score:

Reason:

Sort:

axfuzz by shird · 2010-05-27 13:48 · Score: 5, Interesting

in their whitepaper they referenced my 'axfuzz' tool I wrote years ago and even used a modified version of it in their testing. Hope they didn't judge me on that code, it was a pile of crap that I kept hacking together until it finally worked, with no thought to proper software design.

--
I.O.U One Sig.
1. Re:axfuzz by TubeSteak · 2010-05-27 16:26 · Score: 3, Funny
  
  Hope they didn't judge me on that code, it was a pile of crap that I kept hacking together until it finally worked, with no thought to proper software design.
  That sounds like exactly the kind of code a fuzzer should be used upon.
  Oh the recursion!
  
  --
  [Fuck Beta]
  o0t!
Linky? by Anonymous Coward · 2010-05-27 14:55 · Score: 3, Informative

Oh FFS, you couldn't even link to the damn framework?
Re:BFF? by Daniel+Dvorkin · 2010-05-27 15:22 · Score: 3, Funny

Because it's, like, the security researcher's BFF OMG ponies!

--
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.