The Smart Fuzzer Revolution

The last 2 years has seen greater advances in automated security testing than the 10 before it. AFL incorporated known best practices into an easy-to-use tool, the DARPA Cyber Grand Challenge provided a reliable competitive benchmark and funding for new research, and Project Springfield (aka SAGE) is now available to the public. These new technologies have the potential for massive impact on our industry. How do these tools work and what sets them apart from past approaches? Where do they excel and where are their limitations? Is it possible to use them today? How will these technologies advance and what further developed is needed? How much longer do humans have as part of the secure development lifecycle? I will discuss answers to these questions and more in the "The Smart Fuzzer Revolution." About the Speaker: Dan Guido leads the strategic vision for Trail of Bits’s products and services, and manages its day-to-day operations. Dan prioritizes work on automated, scalable tools that make a measurable impact for elite organizations ranging from Facebook to DARPA. Since founding Trail of Bits in 2012, Dan has built the company with people that span the gap between academic research and real-world problems. He pushes his team to study complex computer science topics, and modern attackers’ tactics, techniques and procedures. It’s through this approach that Trail of Bits addresses the root causes of its clients’ challenges, and develops tools that make a lasting impact. When possible, Dan prefers to share the knowledge those tools embody, and to open-source them to the infosec community for use, maintenance and improvement. In addition to his professional work, Dan helps moderate Reddit Netsec, organizes Empire Hacking, and supports ambitious startups through hack/secure’s advisory board.