"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co-Creator of Samba
Webcasts and Podcasts
Fuzzing First: Customers are Not Crash Test Dummies
A Software Test and Performance Magazine Webinar
Wednesday, May 28, 2008, 12:00 p.m. EDT / 9:00 a.m. PDT
A lack of comprehensive software testing makes consumers nothing more than crash test dummies. A majority of cyber security issues today are created by flaws that could largely be tested away during the software development life cycle, but are not. Every flaw that escapes quality assurance practices has a high likelihood of causing significant costs to the end user.
Security today is part of quality assurance practices, or at least it should be. But in quality assurance, everything should be measurable before it is meaningful. One of the arguments author David Rice makes in his book "Geekonomics" is the importance of making security visible in the marketplace; that is, buyers should be able to price their risk through some easy-to-comprehend metric. But before that can happen, at least the manufacturers of software have to understand the required metrics. Today, David's talk touches on security metrics, their importance, and their use in software purchasing practices.
Fuzzing is about crash-testing your software yourself, instead of using consumers as crash test dummies. Fuzzing is a compelling solution for eliminating cyber security problems. Fuzzing is not new; it has been used actively by the security community since the 1990s. What is new is how fuzzing is used in a business context: fuzzing is being employed as part of procurement criteria to compare the security and quality of software and thus influence purchasing decisions. Metrics in this field are still immature, but Ari Takanen will give a brief look at where we are today.
Moderator:
Edward J. Correia, Editor, Software Test & Performance
Edward J. Correia was named editor of BZ Media's Software Test & Performance magazine in October 2006. He formerly served as executive editor of BZ Media's SD Times, the industry newspaper for software development managers.
Speaker: David Rice, Director of The Monterey Group
David Rice is an internationally recognized information security professional and author of "Geekonomics: The Real Cost of Insecure Software." For a decade he has advised, counseled, and defended global IT networks for government and private industry. David has been awarded by the U.S. Department of Defense for "significant contributions" advancing security of critical national infrastructure and global networks. He is currently Director of The Monterey Group.
Speaker: Ari Takanen, founder and CTO of Codenomicon
Ari Takanen, founder and CTO of Codenomicon, has since 1998 focused his work on information security issues in next-generation networks and security-critical environments. The work of Codenomicon and the University of Oulu aims at ensuring that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari has been an invited speaker at numerous security and testing conferences, as well as at leading universities and international corporations. He has co-authored a book on Voice over IP security (published by Addison-Wesley) and has a book on fuzzing forthcoming from Artech House.