Tandon in the News
The Truth About Bug Finders: They're Essentially Useless
In tests, they missed 98 percent of the vulnerabilities in researchers' code
- Katherine Noyes for CIO July 8th, 2016
- Source: http://www.cio.com/article/3093357/application-development/the-truth-about-bug-finders-theyre-essentially-useless.html
Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year.
Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found — what you don't know is how many were missed, leaving success rates an open mystery.
So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.