In this Spotlight episode of the Podcast, sponsored* by ForAllSecure we speak with CEO David Brumley about application “fuzzing” and how advancements in machine learning technology are allowing security researchers to find more and more serious vulnerabilities faster. The challenge now, Brumley says, is to keep up with the machines.
The media’s focus on artificial intelligence and machine learning technologies are mostly confined to digital voice assistants like Amazon’s Alexa or the many AI and ML applications in healthcare, public safety – even criminal justice and medicine. But the same technologies are bringing about a quiet revolution in the field of information security.
One area that have seen rapid advancement thanks to ML and AI is the tried and true practice of “fuzzing” – or testing software applications for defects and exploitable vulnerabilities.
A highly specialized discipline, bug hunting is also highly data- and work intensive. That’s driven bug hunters to look for ways to speed and automate the discovery and testing of software holes.
Our guest for this episode of the podcast, David Brumley, said that machine learning is transforming fuzzing as a strategy, as advanced machine learning algorithms are being coupled with analytic methods like “symbolic execution” to model the operation of software applications and note the presence of serious security flaws.
In this conversation, David and I talk about the growing importance of application fuzzing as a security tool and some of the complications that large scale vulnerability discovery has created.
(*) Disclosure: This podcast was sponsored by ForAllSecure for more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.