Attackers only need to find a single exploitable bug in order to install malware, bots, and viruses on a vulnerable user's computer. Unfortunately, bugs are plentiful. For example, the Ubuntu Linux distribution bug management database currently lists over 58,000 open bugs. Thus, the question is not whether an attacker can find a bug, but which bugs an attacker can exploit.
This research investigates novel techniques, approaches, and algorithms for finding exploitable bugs. The ability to determine whether a bug is exploitable will allow developers to prioritize bug reports so that the most security-critical bugs are fixed first. The techniques investigated will also help developers distribute patches safely.