2010 CERT Vulnerability Discovery Workshop Proceedings
On February 1, 2010, the CERT/CC hosted a workshop to explore
the state of the art and practice of vulnerability
discovery. Attendees from five countries included several major
software vendors, leading vulnerability researchers, and US-CERT
analysts. The formal talks are listed below, including links to slides
and other materials.
- What is Vulnerability Discovery—Actors, Methods, and Results (slides)
Juhani "Jussi" Eronen, CERT-FI
- Zero Knowledge Fuzzing (slides, paper)
Vincenzo Iozzo, zynamics
- Discovering Vulnerabilities—The Secunia Research Way
Carsten Eiram, Secunia
- A Maze of Twisty Passages all Alike: A Bottom-Up Exploration of Open Source Fuzzers and Fuzzing Frameworks (slides)
Matt Franz, SAIC
- Effective Fuzzing Strategies (slides)
David Molnar and Lars Opstad, Microsoft
- Realizing the Fuzzing Potential: Precision and Accuracy versus Coverage (slides)
Mikko Varpiola, Codenomicon
- Instrumented Fuzzing with AIR Integers (slides, paper)
Will Dormann and Robert Seacord, CERT
- Identifying Fault Location in Closed Source Software via Trace Collection and Mining
Jared DeMott, Harris Crucial Security Programs
More information
To find out more about collaborative vulnerability discovery work at CERT, subscribe to the vul-discovery@cert.org mailing list. Please note that list membership is limited to individual vulnerability researchers and other vetted subscribers. |
