I was fascinated by the link[1] in this line "As a result, instead of being hostile to fuzzing, Firefox developers actively help me fuzz their code."
It almost reads like a parody, but it's clearly quite serious; a detailed, thoughtful discussion of how you can ensure your continued ability to ship buggy products. (I know, that's not how the authors see it. But I know which philosophy I hope the people developing the software I have to use have, and it looks a lot more like Firefox than RIM.)
Jesse's fuzzers are wonderful. When Mozilla developers make a big change to SpiderMonkey they'll often ask the QA folks to run the change through jsfunfuzz for a few hours, and very often it'll uncover real bugs.
The same tools, if they want. jsfunfuzz has been privately available to other browser vendors for some time (although possibly not the latest version?).
I worked with Jesse a few years ago doing penetration testing on Firefox. He always amazed me with his brilliance. I learned a lot from his work, and he's a really nice person as well.
Yes. Over the years we have worked on projects that would reduce the impact of bugs found by this fuzzer. For example we have prevented whole classes of security bugs that this fuzzer would find, which would reduce the priority of fixing them compared to a benign crash.
[1]: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/b...