2010 CERT Vulnerability Discovery Workshop Proceedings
On Monday February 1, 2010, CERT hosted a workshop to explore the state of the art and practice of vulnerability discovery. Attendees from five countries included several major software vendors, leading vulnerability researchers, and US-CERT analysts. The formal talks are listed below, including links to slides and other materials.
- What is Vulnerability Discovery—Actors, Methods, and Results (slides)
Juhani "Jussi" Eronen, CERT-FI
- Zero Knowledge Fuzzing (slides, paper)
Vincenzo Iozzo, zynamics
- Discovering Vulnerabilities—The Secunia Research Way
Carsten Eiram, Secunia
- A Maze of Twisty Passages all Alike: A Bottom-Up Exploration of Open Source Fuzzers and Fuzzing Frameworks (slides)
Matt Franz, SAIC
- Effective Fuzzing Strategies (slides)
David Molnar and Lars Opstad, Microsoft
- Realizing the Fuzzing Potential: Precision and Accuracy versus Coverage (slides)
Mikko Varpiola, Codenomicon
- Instrumented Fuzzing with AIR Integers (slides, paper)
Will Dormann and Robert Seacord, CERT
- Identifying Fault Location in Closed Source Software via Trace Collection and Mining
Jared DeMott, Harris Crucial Security Programs
More information
To find out more about collaborative vulnerability discovery work at CERT, subscribe to the vul-discovery@cert.org mailing list. Please note that list membership is limited to individual vulnerability researchers and other vetted subscribers. |
