Tool Kills Hidden Linux Bugs, Vulnerabilities

Tool Kills Hidden Linux Bugs, Vulnerabilities 47

Posted by Soulskill on Tuesday November 22, 2011 @06:30PM from the cockroaches-hiding-in-your-tux dept.

mask.of.sanity writes with this excerpt from SC Magazine: "Australian researcher Silvio Cesare has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. The script correlates vulnerability advisory CVEs for third-party libraries to determine if holes have carried over to Linux platforms or have not been patched. Such holes often escape the eye of developers because the libraries may not be kept updated with sources. This is further compounded because vulnerabilities in cross distributed packages can leave Linux platforms vulnerable."

Tool Kills Hidden Linux Bugs, Vulnerabilities

This discussion has been archived. No new comments can be posted.

Search 47 Comments Log In/Create an Account

Comments Filter:

Re:90% false positives?! (Score:4, Interesting)

by Anonymous Coward writes: on Tuesday November 22, 2011 @07:40PM (#38142818)

Since his tool looks for vulnerabilities and not "bugs" (if you want to call them that), it would be pointless to run the tool on itself with the aim of reducing false positives.
Also, to put that statement in context:
"While about 90 per cent of vulnerabilities produced by the tool were false-positives, Cesare said vetting the results takes seconds and was considerably faster than using manual processes."
That sounds like a worthwhile improvement, no?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Tool Kills Hidden Linux Bugs, Vulnerabilities 47

Tool Kills Hidden Linux Bugs, Vulnerabilities More Login

Tool Kills Hidden Linux Bugs, Vulnerabilities

Re:90% false positives?! (Score:4, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot