A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is
Discovering buffer overflow vulnerabilities in the wild
Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement - ESEM '14
We performed an empirical study on reporters of buffer overflow vulnerabilities to understand the methods and tools used during the discovery. The participants were reporters featured in the SecurityFocus repository during two sixmonth periods; we collected 58 responses. We found that in spite of many apparent choices, reporters follow similar approaches. Most reporters typically use fuzzing, but their fuzzing tools are created ad hoc; they use a few debugging tools to analyze the crashdoi:10.1145/2652524.2652533 dblp:conf/esem/FangH14 fatcat:jhuevd3amffxtgbdpcwpvsbpmq