Navigating software and system flaws: Unveiling vulnerabilities and strategies for addressing them

Salimi, Solmaz
WSS 2024, 9th WSS - Winter Seminar Series, Advanced Topics in Computer Science and Engineering, 29 February-3 March 2024, Tehran, Iran

In the ever-evolving landscape of software and systems, vulnerabilities lurk at various levels, from the surface layers of application software down to the depths of kernel and firmware. This talk delves into the intricate web of flaws that plague modern technologies, shedding light on the diverse range of vulnerabilities that can compromise security and functionality, while also offering insight into effective strategies for mitigating them. From the essential practices of bug detection to advanced techniques such as fuzzing and symbolic execution, attendees will gain a comprehensive understanding of the arsenal of tools and methodologies available for navigating the complex landscape of software flaws. Additionally, we will explore large-scale approaches to bug discovery, such as initiatives like the Google OSS project, which harnesses collective intelligence to identify and address vulnerabilities across a wide spectrum of software projects.

Moreover, we'll also examine the unique challenges involved in detecting and mitigating vulnerabilities in embedded devices. Unlike traditional software systems, embedded devices often operate under resource constraints and may have limited or no access to debugging tools and environments. Therefore, we will discuss specialized techniques and considerations for identifying and addressing vulnerabilities in these constrained environments.

This talk explores the pervasive vulnerabilities within software and systems, spanning from surface-level application issues to deep-seated kernel flaws. Attendees will learn about diverse detection methods, from fundamental bug identification to advanced techniques like fuzzing and symbolic execution. Additionally, it discusses large-scale bug discovery initiatives such as the Google OSS project and offers insights into securing embedded devices despite resource constraints and limited debugging access.


Type: Talk
City: Tehran
Date: 2024-02-29
Department: Digital Security
Eurecom Ref: 7612
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in WSS 2024, 9th WSS - Winter Seminar Series, Advanced Topics in Computer Science and Engineering, 29 February-3 March 2024, Tehran, Iran and is available at :

PERMALINK : https://www.eurecom.fr/publication/7612