I agree, but I also think the PZ team would not make many friends at Google if they did that :)
Replying to @pcwalton
Like, the one you linked to is basically "a bunch of people wrote a ton of new protocol parsing code in C++ and shipped it to billions of people. It crashed when we fuzzed for a little while." They promise some "lessons" in part 5, but seriously we already know the lessons.
Replying to @johnregehr @pcwalton
sometimes I think the existence of research into C vulnerabilities has major negative externalities
Replying to @johnregehr @pcwalton
Sure, some research on this stuff is necessary. But I feel like fuzzing and static analysis and smart security researchers are substituting for realizing that shipping desktop apps written in unsafe languages is malpractice.
Yeah, in a world where everything was written in safe languages, fuzzing would mostly turn into a tool to improve software reliability rather than security.