CERT Releases Basic Fuzzing Framework 51
infoLaw passes along this excerpt from Threatpost: "Carnegie Mellon University's Computer Emergency Response Team has released a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. The Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing. It includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test."
hmmm... (Score:3, Funny)
Re:bleh (Score:1, Funny)
After writing that, I had to compare the two.
Fuzz's code resides in a massive 34KB C file, undocumented and unformatted, liberal copy-pasta and no re-use, no grasp of language, about as readable as an assembly dump. Basically one big hack.
BFF is a nicely written, concise, small, and extensively documented perl script.
Yep... OSS fails to impress once more.
Re:BFF? (Score:4, Funny)
Because it's, like, the security researcher's BFF OMG ponies!
Re:axfuzz (Score:4, Funny)
Hope they didn't judge me on that code, it was a pile of crap that I kept hacking together until it finally worked, with no thought to proper software design.
That sounds like exactly the kind of code a fuzzer should be used upon.
Oh the recursion!