Thought Exercise: Automated Vulnerability Creation

A few of us were hanging out in the Veracode kitchen the other day and got to discussing the idea of programmatically injecting vulnerabilities into software. This is essentially the opposite of the problem that most security vendors, including ourselves, are trying to solve — that is, detecting vulnerabilities. Clearly there’s not much business value in making software less safe, though you could imagine such a tool being used for educational purposes or as a way to mass-produce QA test cases.

It sounds easy, right? Certainly it would be easy to inject the types of classic security problems that …
