Author Institution :
Core Security Technol., New York, NY, USA
Abstract :
The burgeoning bug population has enhanced public awareness about security. The author outlines common bug hunting methods and techniques for actually finding bugs. To systematically find bugs, individuals do need common sense (to know what to look for), dedication (to spend endless hours poking through software code), and a bit of luck (to find meaningful results). Also helpful are a touch of arrogance, a handful of tricks and tools, and considerable social skills for effective teamwork. In fact, the required qualities don't differ much from those a typical human being needs to live well in modern society. The author defines bug hunting as a systematic process in which one or more individuals try to find security flaws in a predetermined set of "technologies", including software products, hardware devices, algorithms, formal protocols, and real-world networks and systems. Constraints on the practice might include time, resource availability, technical expertise, money, work experience, and so on.
Keywords :
computer debugging; human factors; personnel; professional aspects; program debugging; security of data; common bug hunting methods; common sense; formal protocols; hardware devices; predetermined technologies; public awareness; real-world networks; resource availability; security; security flaws; social skills; software products; systematic process; teamwork; technical expertise; work experience; Art; Availability; Computer bugs; Hardware; Humans; Information security; Protocols; Software algorithms; Teamwork; Testing;