It's also backtested, so who knows how realistic the data set they're
working with is? It's "automated", and large data sets (all MSFT
security patches) are available. Presumably, if this system worked as
well as the press says it works, they could have run it against many
more patches and had a more compelling paper. That they didn't tells
you something.
Smarter people than me disagree with this point, but I'll make it
anyways: there isn't necessarily a 1:1 mapping between patches and
exploitable code paths. So I kind of disagree with the premise, too.
On 4/25/08, jf <jf_at_danglingpointers.net> wrote:
> > 2. The work presented ignores the most time consuming portion of the
> > exercise, being the attack vector discovery. It only automates the
> > portion which takes a negligible amount of time when compared to the
> > rest of the work needed to produce a viable exploit.
>
>
>
> indeed, they keep saying 'exploit' when they mean 'dos poc', which is
> indeed impressive in itself, but only mildly useful.
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave_at_lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
Received on Apr 25 2008