> Since then, afl-fuzz helped to squash hundreds of bugs, in part due to a community of folks who found the tool to be fun to use.
I wonder whether a tool as unexpectedly successful as this presents the security community with a weird dilemma: If so many people have begun to use afl-fuzz, find problems, and report them, can't we expect that just as many people find problems and don't report them?
Now, my security expertise goes as far as "don't roll your own", so maybe all the bugs found were, in practice, relatively difficult to exploit. But could afl-fuzz have helped scores of blackhatters to find and abuse the next shellshocks? If so, in hindsight, was it actually a good move to release afl-fuzz so openly and enthusiastically?
I don't see why you're singling out afl-fuzz when you can say the exact same thing for every automated penetration testing tool.
There are scores of Linux distributions dedicated to bundling as many security-related scripts as possible. If we're going to be talking about "utility to blackhatters", there are plenty of tools that have been around for longer and have been far more influential.
I'm singling out afl-fuzz because it seems to be so spectacularly successful. In fact, this blog post is all about how spectacularly successful it is. Maybe it isn't actually, compared to all those other tools I don't know about, but then maybe you could've just said that and skipped the sneering? I've been pretty forthcoming about my lack of security expertise; I'm just asking people like you for an honest opinion.
Most automated penetration testing tools show what known vulnerabilities a target system has, and can help piece them together into a complete exploit: they do not find new bugs.