[fuzzing] finally read my book: Open Source Fuzzing Tools

Charles Miller cmiller at securityevaluators.com
Mon Oct 12 17:00:27 UTC 2009


My experience with writing this book was terrible.  I wrote the last  
chapter, which is pretty decent I think.  I assume that other authors  
also wrote particular chapters, some of which are also quite good.   
The problem was that I never got a chance to see any of the other  
chapters before writing my own.  When I submitted my chapter for  
editing/comments, I didn't receive any, and one day the book showed up
exactly as I had submitted my draft.  (Actually, I had to buy a copy
since Syngress didn't bother sending me one.)  So if you read the book
as a "collection of essays" you might enjoy it.  If you expect it to  
have cohesion and flow, you'll be disappointed.  Another reason I got  
mad about this book is that I said I'd only do it if the publisher  
agreed to have my name on the cover.  That was the only reason to do it,
besides the $250 - which I could have earned a bit quicker as a  
consultant ;)  Anyway, they lived up to their end of the bargain in  
theory.  If you look, my name is on the cover quite small.  However,  
if you go to Amazon, there is no mention of me.  Even if you click on
the cover of the book on Amazon, my name doesn't show up.  I've grown
afraid of even listing it on my resume for fear that someone will look
for it on Amazon and think I made the whole thing up!  Anyway, don't
let my bad experience with Syngress ruin your enjoyment of the book,
which as Gadi says, does have its moments.

Charlie

On Oct 12, 2009, at 6:38 AM, Gadi Evron wrote:

> So, everyone else who wrote a book sent it here. I just never felt  
> right about writing about mine until now.
>
> The book Open Source Fuzzing Tools was a massive collaboration with  
> many people, from Prof. Barton Miller (who wrote the introduction)  
> to some of our regulars here such as Charlie Miller.
>
> Having now read it with enough time passing, I can attest that it is  
> indeed very good. I had low expectations due to issues with the  
> publisher (Syngress was bought out and communication, editing and  
> even payment was a massive issue).
>
> Having seen the other books, I would say this one is not the best  
> reference on fuzzing, nor is it the best manual. It is, however, the
> very best current introductory text on the subject.
>
> It is also one of the better books on the theory of fuzzing and how  
> to do various types of fuzzing. It is not, however, very good on the  
> "let's do it!" part.
>
> In retrospect, I am happy with it when I thought I'd be disappointed!
>
> While I won't benefit much from you buying the book, it is worth a  
> read!
>
> 	Gadi.
> _______________________________________________
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing


