
The 'Cyber Testing Lab' Provides Standardised Security Grading for Software - Osiris30
https://theintercept.com/2016/07/29/a-famed-hacker-is-grading-thousands-of-programs-and-may-revolutionize-software-in-the-process/
======
wyldfire
"Revolutionize software" is silly. I can't help thinking it's been tried
before. But the timing's right now if it wasn't before. I would see lots of
big companies who manufacture devices with embedded software submitting not
individual binaries but distributed systems of binaries. The static analysis
alone is a really good start but it's interesting to see that they're doing
some fuzzing too.

After reading this article I did some searching about binary static analysis.
One simple technique that's popular is symbolic execution. I hadn't heard of
it before. Or, rather -- I guess I had in the context of "concolic" execution
but I don't think I quite got it. There are some popular packages out there,
both open and closed source.

