[fuzzing] Hey all

eugaaa eugaaa at gmail.com
Sat Mar 15 04:30:53 CDT 2008 

Why draw such a line?

On Sat, 2008-03-15 at 04:32 -0500, Gadi Evron wrote:
> On Sat, 15 Mar 2008, eugaaa wrote:
> > No proposals, however since the publishing of "Fuzzing" by Michael
> > Sutton it has gained a lot of momentum. Wind in it's sails, if you will.
> > Peachfuzz framework and subsequent conference talks. It has *slowly*
> > leaked into bugtraq albeit in a hard to verify way. With the progressing
> > pace of systems security I think pretty soon a subset of hackers will
> > come to rely on fuzzing and fuzzing frameworks. Thoughts?
> 
> You speak of hacking frameworks, I speak of QA frameworks.
> Different world.
> 
> 
> >
> > On Sat, 2008-03-15 at 04:06 -0500, Gadi Evron wrote:
> >> On Sat, 15 Mar 2008, eugaaa wrote:
> >>> Famous last words.
> >>> ;-)
> >>
> >> Going with a proposal to SANS? :)
> >>
> >>>
> >>> On Sat, 2008-03-15 at 04:02 -0500, Gadi Evron wrote:
> >>>> On Sat, 15 Mar 2008, eugaaa wrote:
> >>>>> On the other hand, an official certification would mean widespread
> >>>>> acceptance as it would instantaneously have become an industry standard.
> >>>>> A distasteful but effective idea :<
> >>>>
> >>>> QA Security Engineer.
> >>>>
> >>>> If fuzzing becomes wide-spread in corporate enviroments, you could expect
> >>>> that. Vendors may also do that. I explored that option in my "corporate
> >>>> fuzzing" lecture back in 23C3.
> >>>>
> >>>> Honestly though, I don't see any widespread acceptance.
> >>>>
> >>>>
> >>>>>
> >>>>> On Sat, 2008-03-15 at 02:36 +0100, Joxean Koret wrote:
> >>>>>> Hi Sergio,
> >>>>>>
> >>>>>> With "research" I mean "vulnerability research". How to find
> >>>>>> vulnerabilities, highlight error prone vulnerable areas, etc...
> >>>>>>
> >>>>>> I'm not a certifications fan so don't consider it a cert's defense, just
> >>>>>> my opinion regarding "certification in fuzzing".
> >>>>>>
> >>>>>> Regards,
> >>>>>> Joxean Koret
> >>>>>>
> >>>>>> On sáb, 2008-03-15 at 02:21 +0100, Sergio 'shadown' Alvarez wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> "certification in research"...sweet!....what about certifications for
> >>>>>>> intelligence and IQ? ;)
> >>>>>>>
> >>>>>> _______________________________________________
> >>>>>> fuzzing mailing list
> >>>>>> fuzzing at whitestar.linuxbox.org
> >>>>>> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
> >>>>>
> >>>>>
> >>>
> >>>
> >
> >

More information about the fuzzing mailing list