manuel at acanthephyra.net
Mon Jul 13 14:22:45 UTC 2015
On Mon, Jul 13, 2015 at 09:05:16AM -0400, Andrew wrote:
> Their paper is here:
> A related paper on a system to automatically find the bugs to repair is
> here: http://dspace.mit.edu/openaccess-disseminate/1721.1/96155
Skimming through the paper, it also seems like it could replace parsers that crash on invalid input (and thus fail noisily) with lenient parsers that don't crash when handling those inputs. This may or may not lead to the creation of entirely new states (e.g. a lenient configuration parser that accepts complex, invalid syntax could lead to a runtime configuration that causes crashes later during execution) and by extension vulnerabilities.
More information about the langsec-discuss