Evocatio Article Swipe
Related Concepts
Computer science
Exploit
Security bug
Vulnerability (computing)
Process (computing)
Software bug
Secure coding
Root cause
Popularity
Computer security
Prioritization
Byte
Software
Operating system
Software security assurance
Process management
Information security
Engineering
Reliability engineering
Security service
Social psychology
Psychology
Zhiyuan Jiang
,
Shuitao Gan
,
Adrian Herrera
,
Flavio Toffalini
,
Lucio Romerio
,
Chaojing Tang
,
Manuel Egele
,
Chao Zhang
,
Mathias Payer
·
YOU?
·
· 2022
· Open Access
·
· DOI: https://doi.org/10.1145/3548606.3560575
· OA: W4308643127
YOU?
·
· 2022
· Open Access
·
· DOI: https://doi.org/10.1145/3548606.3560575
· OA: W4308643127
The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (e.g., type of vulnerability, number of bytes read/written) enables prioritization of bug fixes. Unfortunately, understanding a bug's capabilities is a time consuming process, requiring (a) an understanding of the bug's root cause, (b) an understanding how an attacker may exploit the bug, and (c) the development of a patch mitigating these threats. This is a mostly-manual process that is qualitative and arbitrary, potentially leading to a misunderstanding of the bug's capabilities.
Related Topics
Finding more related topics…