From: Stephan Lipp <stephan.lipp@tum.de>
To: Nick Clifton <nickc@redhat.com>
Cc: "Marcel Böhme" <marcel.boehme@mpi-sp.org>,
"Thorsten Holz" <holz@cispa.de>,
"Pretschner, Alexander" <alexander.pretschner@tum.de>,
"Hassler, Keno" <keno.hassler@cispa.de>,
"Philipp Görz" <mail@philipp-goerz.com>,
Binutils <binutils@sourceware.org>
Subject: Re: Automated vulnerability detection
Date: Wed, 9 Nov 2022 12:13:33 +0100
Message-ID: <7b6ae72b-652d-5a94-da78-115d7f3c4a38@tum.de>
In-Reply-To: <3f1a02fc-398f-cd89-32df-80dd1657a33f@redhat.com>

Hi Nick,

Thank you very much for your response!

We are currently using an older version of Binutils to see how well
these tools detect known vulnerabilities (CVEs). Thank you for pointing
us to this reporting system. I think it also makes sense to see what was
reported there for the version we use in our study.

In case we find a new vulnerability, we will of course report it through
your bug tracking system.

Best regards,
Stephan

On 08.11.22 13:47, Nick Clifton wrote:
> Hi Stephan,
>
>> Do you use static analysis tools or fuzzers to test Binutils (2.29)?
>
> Yes and no. We - the GNU Binutils project - do not use static analysers
> or fuzzers directly. But there are quite a few groups out there who do
> use these tools to analyse the binutils sources and report problems that
> they find. We are always pleased to receive these reports and investigate
> the issues that they find.
>
> Aside - I assume that referring to version "2.29" in your email is a typo
> and that you meant 2.39. Version 2.29 is quite old now.
>
>
>> We are happy to share any insights from our analysis which might be
>> also helpful to you. Thank you very much in advance!
>
> If you do find bugs in the binutils sources we are always happy to receive
> them. If you can, it really helps us if you are able to file bug reports
> via the bug reporting system found here:
>
> https://sourceware.org/bugzilla/enter_bug.cgi?product=binutils
>
> Cheers
> Nick
>