Overview

Conclusion

During the last decade , we have watched the sophistication of software security increase exponentially. The same can be said about the techniques used to discover and exploit the new generation of software vulnerabilities. Buffer overflows are not as common in enterprise software as they once were; however, newer vulnerabilities, such as arithmetic problems with integers, are starting to be discovered . These problems have most likely been there from the beginning, but they are just now being recognized.

Due to the difficult nature of auditing and the amount of time required to discover significant software vulnerabilities, many auditors are increasing their use of automation. With the advent of fuzzing, researchers can now discover software vulnerabilities literally in their sleep, which allows them to accomplish much more than they previously could using manual auditing techniques.

We believe that in the next decade, hybrid technologies will become common auditing solutions. These types of systems will need to be maintained by groups of programmers, each person specializing in certain areas; in this way, the security of an application will be quickly audited . Soon, these systems may very well be used to harden software products to an acceptable point, so much so that we will not have to worry about the next Internet worm that may wipe out our infrastructures .