diff options
| -rw-r--r-- | open_issues/code_analysis.mdwn | 11 | ||||
| -rw-r--r-- | open_issues/security.mdwn | 12 |
2 files changed, 10 insertions, 13 deletions
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn index 290bee42..65da942f 100644 --- a/open_issues/code_analysis.mdwn +++ b/open_issues/code_analysis.mdwn @@ -1,4 +1,4 @@ -[[!meta copyright="Copyright © 2010, 2011, 2012 Free Software Foundation, +[[!meta copyright="Copyright © 2010, 2011, 2012, 2013 Free Software Foundation, Inc."]] [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable @@ -188,9 +188,12 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks. * Input fuzzing - Not a new topic; has been used (and a paper published) for early UNIX - tools, I[[I|tschwinge]]RC. + Not a new topic; has been used (and papers published?) for early [[UNIX]] + tools. What about some [[RPC]] fuzzing? * <http://caca.zoy.org/wiki/zzuf> - What about some [[RPC]] fuzzing? + * <http://www.ece.cmu.edu/~koopman/ballista/> + + * [Jones: system call abuse](http://lwn.net/Articles/414273/), Dave + Jones, 2010. diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn index 055c8bdc..d8ffc04e 100644 --- a/open_issues/security.mdwn +++ b/open_issues/security.mdwn @@ -1,4 +1,4 @@ -[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]] +[[!meta copyright="Copyright © 2010, 2013 Free Software Foundation, Inc."]] [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable id="license" text="Permission is granted to copy, distribute and/or modify this @@ -24,11 +24,5 @@ automated fashion. All publically usable interfaces provide attacking targets. This includes all [[system call]]s and [[RPC]] interfaces. -Fuzzing techniques can be use for locating possible issues. - - * <http://lwn.net/Articles/414273/> - - * Has already been used in the 70s / 80s (?) for testing [[UNIX]] command - line tools. - - * <http://www.ece.cmu.edu/~koopman/ballista/> +Fuzzing techniques can be use for locating possible issues; see discussion on +the [[code_analysis]] page. |