CERT Releases Basic Fuzzing Framework

infoLaw passes along this excerpt from Threatpost: "Carnegie Mellon University's Computer Emergency Response Team has released a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. The Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing. It includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test."

hmmm...

[thatskinnyguy]

The worst case scenario is talking about worse case scenarios thinking about worse case scenarios and letting them possess you.

Re:bleh

[Anonymous Coward]

After writing that, I had to compare the two.

Fuzz's code resides in a massive 34KB C file, undocumented and unformatted, liberal copy-pasta and no re-use, no grasp of language, about as readable as an assembly dump. Basically one big hack.

BFF is a nicely written, concise, small, and extensively documented perl script.

Yep... OSS fails to impress once more.

Re:BFF?

[Daniel Dvorkin]

Because it's, like, the security researcher's BFF OMG ponies!

Re:axfuzz

[TubeSteak]

Hope they didn't judge me on that code, it was a pile of crap that I kept hacking together until it finally worked, with no thought to proper software design.

That sounds like exactly the kind of code a fuzzer should be used upon.
Oh the recursion!