Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Richard Chirgwin for The Register
August 7, 2018
Source: https://www.theregister.co.uk/2018/08/07/chaff_confuse_automated_vulnerability_scanners/

Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University [Tandon School of Engineering] in the US have a solution to this, and it's a new take on "security through obscurity". Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary blunders. We already know what you're probably thinking: "On a bad day, I get software that's more bug than code, and you want more bugs?" – but bear with us. The researchers – Zhenghao Hu, Yu Hu, and Brendan Dolan-Gavitt – only want the "right" kind of bug added to software: something that's not exploitable, doesn't cause crashes, but will show up if someone bug-scans the software.

Departments

Degrees & Programs

Resources

Overview

Community

News & Events

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

More to Read

Jeffrey Hubbell joins NYU Tandon to lead new university-wide health engineering initiative and expand the School’s bioengineering focus

Real-time video Deepfake scams are here. This tool attempts to zap them

How do video game companies like Game Freak keep getting hacked?