On 05/21/2012 03:28 PM, Jonathan M. Foote wrote:
I work on the Vulnerability Analysis team at CERT/CC (www.cert.org).
We recently released an open source project that
I developed, the CERT Triage Tools, and I thought it might be of
interest to your team. From the CERT Triage Tools webpage:
The CERT Triage Tools can be used to assist software vendors and
analysts in identifying the impact of defects discovered through
techniques such as fuzz testing and prioritizing their remediation in
the software development process. The CERT Triage Tools include a GNU
Debugger (GDB) extension called "exploitable" that classifies Linux
application bugs by severity and a wrapper script for batch execution.
The 'exploitable' GDB extension mentioned above is a Python script that
can be used to determine how exploitable a crash is. I recently
published a blog post with some more information on the extension and
how to use it:
Josh Bressers and Steve Grubb, of Red Hat, have been investigating use
of the tools by your organization. I have CC’d them on this message.
(Josh and Steve: The first message I sent didn’t post to the mailing
list due to a clerical error on my part – feel free to ignore this re-send)
Regardless, I have been passively following the work your team has been
doing and thought our tools might be useful to you. If you have any
questions, comments, or ideas please feel free to drop me a line.

This is great news and we will gladly use it in the ABRT projects.
AFAIK the integration with our current ABRT tools shouldn't be hard and
we plan to start working on it (and nagging you with some requests ;)) soon.
Have a nice day,