The truth about bug finders: They're essentially useless

Discussion in 'Network World' started by RSS, Jul 8, 2016.

    Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year.

    Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found -- what you don't know is how many were missed, leaving success rates an open mystery.

    So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.
