
Not many people did serious analysis of OpenSSL just because the code was very difficult to debug.


Isn't the whole point of fuzzing that you don't really need to understand the code to find flaws in it?


No. A fuzzer abstracts away some of the need for intricate, function-by-function analysis, but you really want to know what the source code is doing to be successful.

Fuzzing "blind" will work... but you will miss a lot without more instrumentation than that.



