Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners


Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University [Tandon School of Engineering] in the US have a solution to this, and it's a new take on "security through obscurity". Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary blunders. We already know what you're probably thinking: "On a bad day, I get software that's more bug than code, and you want more bugs?" – but bear with us. The researchers – Zhenghao Hu, Yu Hu, and Brendan Dolan-Gavitt – only want the "right" kind of bug added to software: something that's not exploitable, doesn't cause crashes, but will show up if someone bug-scans the software.
