Equation of a Fuzzing Curve — Part 1/2

Equation of a Fuzzing Curve. Introduction. While fuzzing, you may need to extrapolate or describe analytically a “fuzzing curve”, which is the dependency between the number of bugs found and the count of fuzzing inputs. Here I will share my approach to deriving an analytical expression for that curve. The results could be applied…


Estimating Hidden Bug Count — Part 3/3

Part 4: Step By Step Guide This is just a summary of the previous chapters as a flow chart (click here for the derivation of the method): Here variable meanings are: External bugs, or E – the count of active (not fixed) bugs reported against the product externally Internal bugs, or I – the count…


Estimating Hidden Bug Count — Part 2/3

Previous part: introduction and simpler theory. Next: Flowchart Summary and Limitations. Part 3: Harsh Reality. That simple logic is nice, but practice makes it questionable for at least two reasons: Bugs found by either of the parties are fixed. After that, the other party gets no chance to find them again. Product development results in…


Estimating Hidden Bug Count — Part 1/3

Part 1: Introduction and Basic Theory. Part 2: Accounting for Bug Fixes. Part 3: Flowchart Summary and Limitations. Part 1: Introduction. Probably every piece of software has some defects in it. Known defects (also called bugs) are found by manufacturers and users and fixed. Unknown ones remain there, waiting to be discovered some…


Practice and Theory of Security Reviews — Part 3

Problem introduction and disclaimer. Security Review Heuristics Zoo. Part 3 — Reflections. Or rather a few closing notes… Can you quantify “product security”? Usually when people start talking about “X being 23% more secure than Y” I just snort. However, with the notion of feature interaction complexity, we can at least try to approach that…


Security Reviews: The Heuristics Zoo, Part 2/2

Introduction (Part I). The Heuristics Zoo, Part 1/2. Note: the standard Disclaimer expressed in Part I applies here as well. Heuristic 5: “Area Expertise” and “Penetration Testing”. These two seemingly different techniques share a lot in how they approach managing the complexity of security reviews, so I will consider them together. “Area Expertise” is simply learning…


Security Reviews: The Heuristics Zoo, Part 1/2

Initially meant to fit into one chapter, this text grew quickly and I had to split it into two. So there will be four parts of the article in total. Introduction (or Part I) is here. <Disclaimer>By no means is this list “complete”. I think every security person on the planet can add a couple of extra good…


Practice and Theory of Security Reviews

Click here if you want to skip all the theory and just go to the Security Reviews Heuristics Zoo. If you are a software security professional, you might have been asked at some point to conduct a “security design review”. If you felt lost at that point, this article may help you. Here I tried to summarize my…