> Well engineered software needs no "fuzzing", it's provably correct.
Even if you prove your software is 100% correct, fuzzing is still useful until you prove your hardware and OS are correct too.
Proving your OS is "correct" is easy if you strip your OS down to 5 lines of code. But on a real-world (useful) OS, it's just not possible yet.
So, tmk, what percentage of the software *you* use is "proven correct?" (Remember to include in the list all the software involved in posting your reply: your OS, the code in your keyboard, mouse, monitor, BIOS and hard drive, your web browser, all routers on the path, any web caches, web proxy/load balance servers, web servers, etc.)
> Fuzzing and pen-testing are just techniques of the incompetent (but criminal) underground of a bygone era.
Ha ha. Just to pick a random example, I might agree that Microsoft is "incompetent" and "criminal", but the dream of "underground" and "bygone" has not happened yet.
P.S.: I liked the original article. But I'm worried about downloading a PPT presentation from a guy looking for obscure holes in file formats... :)
Copyright © 2017, Eklektix, Inc.