DocumentCode
770308
Title
Bug hunting: the seven ways of the Security Samurai
Author
Arce, Iván
Author_Institution
Core Security Technol., New York, NY, USA
Volume
35
Issue
4
fYear
2002
fDate
4/1/2002 12:00:00 AM
Firstpage
11
Lastpage
15
Abstract
The burgeoning bug population has enhanced public awareness about security. The author outlines common bug hunting methods and techniques for actually finding bugs. To systematically find bugs, individuals do need common sense (to know what to look for), dedication (to spend endless hours poking through software code), and a bit of luck (to find meaningful results). Also helpful are a touch of arrogance, a handful of tricks and tools, and considerable social skills for effective teamwork. In fact, the required qualities don't differ much from those a typical human being needs to live well in modern society. The author defines bug hunting as a systematic process in which one or more individuals try to find security flaws in a predetermined set of "technologies", including software products, hardware devices, algorithms, formal protocols, and real-world networks and systems. Constraints on the practice might include time, resource availability, technical expertise, money, work experience, and so on.
Keywords
computer debugging; human factors; personnel; professional aspects; program debugging; security of data; common bug hunting methods; common sense; formal protocols; hardware devices; predetermined technologies; public awareness; real-world networks; resource availability; security; security flaws; social skills; software products; systematic process; teamwork; technical expertise; work experience; Art; Availability; Computer bugs; Hardware; Humans; Information security; Protocols; Software algorithms; Teamwork; Testing;
fLanguage
English
Journal_Title
Computer
Publisher
IEEE
ISSN
0018-9162
Type
jour
DOI
10.1109/MC.2002.1012424
Filename
1012424