Here's a
discouraging blog post from Dave Jones on why he will no longer be
developing the Trinity fuzz tester. "It’s no coincidence that the
number of bugs reported found with Trinity have dropped off sharply since
the beginning of the year, and I don’t think it’s because the Linux kernel
suddenly got lots better. Rather, it’s due to the lack of real ongoing
development to 'try something else' when some approaches dry up. Sadly we
now live in a world where it’s easier to get paid to run someone else’s
fuzzer these days than it is to develop one."
↧