@berendjanwever is evaluating 2500 crashes per day on major browsers. This yields about 1 vuln per month. For a sample, check #DailyBug.
-
Stages of BugID development: 1. Run tests unattended 2. Don't waste time on known issues 3. Filter by type (filter non-issues) 4. Print $$$
If symbols are available, BugID tries to look up location in Chrome/Firefox src code. Grades UAFs by estimated control of allocations. Neat!
-
-
BugID tracks distance between AVs and poison values to estimate control. Works for every bug type. Encoded on "bug id hash", easy to grep.pic.twitter.com/u5370K9VC4
-
He's collected data on BugID FPs over the last year. Short time between UAF was a typical FP. FNs using BugID are very low.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.