Re: bug classes discovery via inference & reasoning :

["Steven M. Christey" <coley () mitre org>]

> But what about determining new classes of bugs ?

For over a year, I've been informally working on a "vulnerability
theory" that, if successful, might provide a framework for modeling
the physics of vulnerabilities (to put it very crudely).  At the very
least is a vocabulary for talking about some stuff that researchers do
instinctively.  One long-term application would be to use the
framework to identify new classes of bugs, e.g. "product class X has
behaviors B1 and B2, with manipulations M1...M5 on resource R that
preserve property P and modifies property Q.  What vulns involve P and
Q, which are therefore likely to affect X?"

However, it's not as precise as you might be looking for, although
conceptually the ideas could go down to that level of detail.  I
expect to have some proposals into the usual conferences, but we'll
see if they think it's worth anything.  It might be too
academic-tinged and it's broad in scope, not narrow, so specialists
might not find it interesting.  Feel free to contact me offline for a
brief summary; it could benefit from some review by forward-thinking
people.

- Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave