Can you comment on how these defects were detected - code review (manual or automated), fuzz testing, other?
David Thiel's paper and talk from Blackhat this year talked about specific file fuzzers for media formats and such and the major lesson for me is that building file-specific fuzzers like that that subtly tweak file formats is laborious.
I'd be interested to know how you detected these, and what your experience is in finding these types of defects via various methods.
As someone said earlier; it would be great to know how Google works on auditing its projects. Possibly even releasing or demonstrating some tools.
Google has some of the best resources and talent; it could do great things for the Security Community.
On a side-note: Gmail is definitely the best mail service I've used. In regards to spam; I went from 40-50 spam mails a day to 0 after forwarding my mail through Gmail.
Follow
6 comments :
Can you comment on how these defects were detected - code review (manual or automated), fuzz testing, other?
David Thiel's paper and talk from Blackhat this year talked about specific file fuzzers for media formats and such and the major lesson for me is that building file-specific fuzzers like that that subtly tweak file formats is laborious.
I'd be interested to know how you detected these, and what your experience is in finding these types of defects via various methods.
I hate GMail. GMail is the Biggest Spammer of all. I have had nothing but trouble with Gmail and I intend to get rid of Gmail.
As someone said earlier; it would be great to know how Google works on auditing its projects. Possibly even releasing or demonstrating some tools.
Google has some of the best resources and talent; it could do great things for the Security Community.
On a side-note: Gmail is definitely the best mail service I've used. In regards to spam; I went from 40-50 spam mails a day to 0 after forwarding my mail through Gmail.
--
Yash Kadakia
CTO, Security Brigade
http://www.securitybrigade.com
Penetration Testing, PCI DSS Compliance, Security Consulting etc.
Post a Comment