Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …
Funny if not for the tragedy
""Not many people are actually taking advantage of fuzzing up to this point," said David Ladd, principal security program manager for Microsoft's SDL team."
Neither are Microsoft.
srv2.sys (smb 2.0)
I hope it wasn't developed by the Internet Explorer team.
PLEASE give these tools to Adobe. And while you're at it, teach them a thing or two about providing update tools for those of us unfortunate enough to have to patch their Swiss cheese applications on hundreds of desktops.
You mean you don't like updating version by version to fix their insecure software....
We are looking at alternative PDF reader software for this reason and for the fact Acrobat Reader is massive - try installing it on a Wyse V90L for example.
I use Document Viewer 2.26.1. Although on Windoze I am happy with Foxit Reader, it is not perfect, it does have a smaller share of vulnerabilities though and they are fixed pretty quickly... So far, it also has a far smaller footprint.
".....Microsoft has learned is that bugs caught early in a product's development are by far the least expensive to fix..."
They even had to learn the bleedin' obvious? Are they planning on learning the clever stuff any time soon?
"To prevent miscreants from using the program to spot vulnerabilities in other developers' software"
Useless then. Cheers.
Maybe I can get the first on-topic comment in...
sounds pretty useful, I know a few of our apps I'll be running through it.
Good Tools in search of a Good Platform
I will give Microsoft credit, when they set out to do something, they do it. When you start really digging into application security, some of the best references and tools do come from Microsoft. The only downsides are that they are very PC/Windows/Web centric, and they tend to require the very latest of other Microsoft programs to run. For example: The SDL Modeling Tool focuses on what Microsoft technologies you are deploying, and the latest version requires the latest version of Visio Professional.
For those of us more concerned with embedded devices, the books are still very helpful, but the tools have limited use. [Okay, to be fair, the SDL Modeling Tool does allow you to create your own libraries mapping technologies to attacks, but it is not quite the turnkey solution it is for the MS environment.]
Application security should not be something limited to just desktop and server machines. When an exploit in the embedded firmware of a smart power meter is used to shut down a power grid, it makes the whole problem of the virus on your PC a bit of a moot point.