Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners
- Richard Chirgwin for The Register
- August 7, 2018
- Source: https://www.theregister.co.uk/2018/08/07/chaff_confuse_automated_vulnerability_scanners/
Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University [Tandon School of Engineering] in the US have a solution to this, and it's a new take on "security through obscurity".

Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary blunders. We already know what you're probably thinking: "On a bad day, I get software that's more bug than code, and you want more bugs?" – but bear with us.

The researchers – Zhenghao Hu, Yu Hu, and Brendan Dolan-Gavitt – only want the "right" kind of bug added to software: something that's not exploitable, doesn't cause crashes, but will show up if someone bug-scans the software.
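To make the "right kind of bug" concrete, here is an added illustration in C (our own, not the NYU researchers' code): a genuine out-of-bounds write that a bug scanner will report, placed so the only bytes it can ever reach are ones nothing reads. The struct layout, the `NAME_MAX`/`SPILL_MAX` sizes and the 20-byte label are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define NAME_MAX  16   /* visible capacity of name[] */
#define SPILL_MAX  8   /* dead bytes the chaff bug is allowed to clobber */

/* Constructed layout: spill[] sits directly after name[], so an overrun of
 * name[] by fewer than SPILL_MAX+1 bytes lands in spill[] and nowhere else. */
struct record {
    char     name[NAME_MAX];
    char     spill[SPILL_MAX];  /* never read by anything: the bug's only victim */
    uint32_t checksum;          /* must stay untouched */
};

/* CHAFF BUG: the guard admits labels up to NAME_MAX+SPILL_MAX-1 bytes, so a
 * label of 16 or more bytes writes past the end of name[]. A scanner sees an
 * out-of-bounds write; nobody gains control, because only spill[] is reachable.
 * volatile stops the compiler from reasoning the out-of-bounds store away. */
int set_name(struct record *rec, const char *label, size_t len)
{
    if (len >= NAME_MAX + SPILL_MAX) return -1;   /* real bound: protects checksum */
    volatile char *dst = rec->name;
    for (size_t i = 0; i < len; i++)
        dst[i] = label[i];                        /* i may exceed NAME_MAX-1 */
    dst[len] = '\0';                              /* at most spill[SPILL_MAX-1] */
    return 0;
}

/* Every reader of name[] stops at NAME_MAX, so whatever landed in spill[]
 * can never influence program behaviour. */
size_t name_len(const struct record *rec)
{
    size_t n = 0;
    while (n < NAME_MAX && rec->name[n] != '\0') n++;
    return n;
}

/* Fires the chaff bug with a constructed 20-byte label and reports whether the
 * program is still healthy: 1 if checksum survived and readers see at most
 * NAME_MAX bytes, 0 otherwise. */
int chaff_demo(void)
{
    struct record rec;
    memset(&rec, 0, sizeof rec);
    rec.checksum = 0xDEADBEEFu;
    const char *label = "twenty-byte-label-xx";   /* 20 bytes, more than NAME_MAX */
    if (set_name(&rec, label, strlen(label)) != 0)
        return 0;
    return rec.checksum == 0xDEADBEEFu && name_len(&rec) == NAME_MAX;
}
```

Running `chaff_demo()` shows the property the article asks for: the overflow really happens (and would be reported by a bounds-checking scanner), yet the checksum and every observable value are unchanged.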