
Tool Kills Hidden Linux Bugs, Vulnerabilities

Posted by Soulskill
from the cockroaches-hiding-in-your-tux dept.
mask.of.sanity writes with this excerpt from SC Magazine: "Australian researcher Silvio Cesare has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. The script correlates vulnerability advisory CVEs for third-party libraries to determine if holes have carried over to Linux platforms or have not been patched. Such holes often escape the eye of developers because the libraries may not be kept updated with sources. This is further compounded because vulnerabilities in cross distributed packages can leave Linux platforms vulnerable."
  • by Anonymous Coward on Tuesday November 22, 2011 @07:40PM (#38142818)

    Since his tool looks for vulnerabilities and not "bugs" (if you want to call them that), it would be pointless to run the tool on itself with the aim of reducing false positives.

    Also, to put that statement in context:

    "While about 90 per cent of vulnerabilities produced by the tool were false-positives, Cesare said vetting the results takes seconds and was considerably faster than using manual processes."

    That sounds like a worthwhile improvement, no?
