
Google has a big fuzz-farm and Project Zero looking for this type of thing and even they did not find Heartbleed years ago. They are nabbing tons of bugs but there are many that are simply buried.

This seems to me a bit like when you do a maze starting from the finish and it is, for whatever reason, trivial to go from one end to the other.

It is neat that it is 2015 and fuzzers are cool again, though.




Actually Google did find Heartbleed (along with Codenomicon, who discovered it independently). [1]

[1] http://en.wikipedia.org/wiki/Heartbleed#Discovery


And Codenomicon apparently found it by fuzzing [0], though I haven't seen any details.

[0] http://www.codenomicon.com/products/defensics/


Not many people did serious analysis of OpenSSL just because the code was very difficult to debug.


Isn't the whole point of fuzzing that you don't really need to understand the code to find flaws in it?


No. A fuzzer abstracts away some of the need for intricate, function-by-function analysis, but you really want to know what the source code is doing to be successful.

Fuzzing "blind" will work... but you will miss a lot without more instrumentation than that.
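To make the point about instrumentation concrete, here is an added example (not code from the commenter or from any real fuzzer): a constructed toy parser with a planted bug behind a four-byte magic check, fuzzed once "blind" with random bytes and once with coverage feedback. The parser is hand-instrumented through a `hit()` callback; a real engine such as AFL++ or libFuzzer gets the same edge information from compiler instrumentation. The parser, the mutation operators and the iteration budgets are all assumptions chosen for illustration.

```python
"""Blind vs coverage-guided fuzzing of a constructed toy parser (illustrative example)."""
import random

MAGIC = b"FUZZ"  # constructed header; the bug can only be reached past this check


def parse(data: bytes, cov=None):
    """Toy parser. `cov` is an optional set that collects coverage edge ids.

    Planted bug: after the magic header, byte 4 is a payload length that is
    trusted without checking it against the actual payload, so a length larger
    than the payload indexes past the end (IndexError stands in for a crash).
    """
    def hit(edge):
        if cov is not None:
            cov.add(edge)

    # Magic check written byte by byte so each matched byte is its own edge.
    # (Compiled code often does this as one memcmp, which is exactly why real
    # fuzzers add comparison-splitting instrumentation such as CmpLog.)
    for i, expected in enumerate(MAGIC):
        if i >= len(data) or data[i] != expected:
            hit(("magic_fail", i))
            return "bad-magic"
        hit(("magic_ok", i))
    if len(data) < 5:
        hit("short")
        return "short"
    length = data[4]
    payload = data[5:]
    hit("has_length")
    if length > len(payload):
        return payload[length]  # the bug: trusts the length field -> IndexError
    hit("ok")
    return "ok"


def run_one(data: bytes, cov) -> bool:
    """Execute one input; True means the planted bug was triggered."""
    try:
        parse(data, cov)
        return False
    except IndexError:
        return True


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: substitute, insert, append or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 or len(buf) < 2:
        buf.append(rng.randrange(256))
    else:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def blind_fuzz(iterations: int, seed: int = 0):
    """Random inputs with no feedback. Returns the iteration that crashed, or None."""
    rng = random.Random(seed)
    for i in range(1, iterations + 1):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 12)))
        if run_one(data, None):
            return i
    return None


def coverage_fuzz(iterations: int, seed: int = 0):
    """Mutational fuzzing that keeps any input reaching a new edge (simplified AFL loop)."""
    rng = random.Random(seed)
    corpus = [b"\x00"]
    seen = set()
    for i in range(1, iterations + 1):
        # Bias towards the newest corpus entry, which is usually deepest in the parser.
        parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        data = mutate(rng, parent)
        cov = set()
        if run_one(data, cov):
            return i
        if not cov <= seen:  # reached an edge never seen before -> keep as a new seed
            seen |= cov
            corpus.append(data)
    return None


if __name__ == "__main__":
    print("blind fuzzing crashed at iteration:", blind_fuzz(50_000))
    print("coverage-guided fuzzing crashed at iteration:", coverage_fuzz(50_000))
```

The blind loop has roughly a one in four billion chance per input of guessing the header, so within the budget it finds nothing, while the coverage-guided loop walks through the header one byte at a time because every matched byte is rewarded as new coverage. That reward only exists because the parser reports its branches; knowing the code well enough to instrument the right comparisons is what turns "blind" fuzzing into something that reaches deep state.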



