[Dailydave] Some Sums
Paul Melson
pmelson at gmail.com
Mon Feb 12 11:09:33 EST 2007
> 2. A lot of people are "finding" things simply by being the first to aim
> someone else's fuzzer at them.
> I'm not sure what this implies, but it implies something.
Ooh, maybe it implies that the art of finding software vulnerabilities is
ready for some big consultancy to turn it into a canned 2-week deliverable.
Experienced coders will be replaced by a couple of CSAs with Spike and
Peach and only 3 semesters of C++ between them.
Perhaps eventually it will get to a point where Qualys builds a product
where you upload your .MSI file to a VM and they just e-mail you a report.
Or maybe it just means that as fuzzers get better, KF will have to announce
a QOAB or a YOAB. :-)
PaulM