Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Tool helps reduce search for bugs
Published: 2006-02-11

SAN FRANCISCO -- A university researcher showed off on Saturday an open-source tool that helps programmers dramatically shrink the amount of code they need to audit to find a particular bug.

The tool, known as Delta, uses a brute-force algorithm to break programs up into snippets of code and then tests the program minus a particular piece of code to see if the error still occurs. While an intelligent analysis could find a bug faster, the dumb, brute-force approach is surprisingly effective, Daniel Wilkerson, an analyst-programmer at the University of California at Berkeley, said at the CodeCon conference.

"You could try to do this manually and be more clever about it, but brute force automation wins over cleverness almost every time," he said.

Automated tools to find bugs have become more popular among security researchers. Open-source programs have benefited from static source-code analysis tools, while Microsoft uses its own such expert systems to audit code created by the company's programmers. Network fuzzers, which mangle data packets in an attempt to create exceptions in programs that then can be exploited, have also become popular.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:
on micro$oft 2006-02-13
assurbanipal







 

Privacy Statement
Copyright 2009, SecurityFocus