Genetic Algorithm, in Reverse Mode

Today I would like to discuss running a genetic algorithm… backwards. Yes, this is possible. Occasionally it is practical, when you need not the best, but the worst solution to a problem. And I think there are more uses for it. It seems to be helpful with maintaining genetic pool diversity, with avoiding being stuck in…


Is Pluto a Planet?

Is Pluto a planet? And how is that question related to Data Science? For sure, physical properties of Pluto do not change if we call it a “planet”, a “dwarf planet”, a “candelabrum”, or a “sea cow”. Pluto stays the same Pluto regardless of all that. For physics or astronomy, naming does not really matter….


Equation of a Fuzzing Curve — Part 2/2

Follow-up notes and discussion. See Part 1 here. Can you predict how many bugs will be found at infinity? No. There seems to be a fundamental limit on fuzzing curve extrapolation. To see that, consider a bug distribution function of the following form: where p0 >> p1 but a0 ≈ a1 and δ(x) is…


Equation of a Fuzzing Curve — Part 1/2

Equation of a Fuzzing Curve. Introduction: While fuzzing, you may need to extrapolate or describe analytically a “fuzzing curve”, which is the dependency between the number of bugs found and the count of fuzzing inputs. Here I will share my approach to deriving an analytical expression for that curve. The results could be applied…


Estimating Hidden Bug Count — Part 3/3

Part 4: Step By Step Guide. This is just a summary of the previous chapters as a flow chart (click here for the derivation of the method): Here variable meanings are: External bugs, or E – the count of active (not fixed) bugs reported against the product externally; Internal bugs, or I – the count…


Estimating Hidden Bug Count — Part 2/3

Previous part: introduction and simpler theory. Next: Flowchart Summary and Limitations. Part 3: Harsh Reality. That simple logic is nice, but practice makes it questionable for at least two reasons: Bugs found by either of the parties are fixed. After that, another party gets no chances to find them again. Product development results in…


Estimating Hidden Bug Count — Part 1/3

Part 1: Introduction and Basic Theory. Part 2: Accounting for Bug Fixes. Part 3: Flowchart Summary and Limitations. Part 1: Introduction. Probably every piece of software has some defects in it. Known defects (also called bugs) are found by manufacturers and users and fixed. Unknown ones remain there, waiting to be discovered some…


Practice and Theory of Security Reviews — Part 3

Problem introduction and disclaimer. Security Review Heuristics Zoo. Part 3 — Reflections. Or rather a few closing notes… Can you quantify “product security”? Usually when people start talking about “X being 23% more secure than Y” I just snort. However, with the notion of features interaction complexity, we can at least try to approach that…


Security Reviews: The Heuristics Zoo, Part 2/2

Introduction (Part I). The Heuristics Zoo, Part 1/2. Note: the standard Disclaimer expressed in Part I applies here as well. Heuristic 5: “Area Expertise” and “Penetration Testing”. These two seemingly different techniques share a lot in how they approach managing the complexity of security reviews, so I will consider them together. “Area Expertise” is simply learning….


Security Reviews: The Heuristics Zoo, Part 1/2

Initially meant to fit into one chapter, this text grew quickly and I had to split it into two. So there will be four parts of the article in total. Introduction (or Part I) is here. <Disclaimer> By no means is this list “complete”. I think every security person on the planet can add a couple extra good…