For Want of a Nail presented at SecT 2014

by Sergey Bratus, Meredith L. Patterson

Summary: Input parser bugs appear to be simple. For years, they've been among the best-understood kinds of bugs. Yet 2014 could be called The Year of Parser Bugs on account of Heartbleed alone, and there are more such bugs in the 2014 Pwnie Award nominations. In 2013, parser bugs were over half of all nominated server-side bugs. When simple bugs account for the most impactful vulnerabilities, perhaps they are not so simple after all.

Sergey Bratus: Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He enjoys wireless and wired network hacking and tries to help fellow academics understand its value and relevance. Before coming to Dartmouth, he worked on machine learning for natural text processing at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.