"Fuzzy" Data Increases Vulnerability Discovery

Using a concept called "Fuzzing" created by HD Moore, co-founder of the Metasploit Project, vulnerability researchers have been able to greatly reduce the amount of time it takes to discover new vulnerabilities. Originally aimed at Web browser software, the technique sends mangled data to the application and compresses the amount of time and effort required to find vulnerabilities. According to a recent article in The Register, fuzzing has also been applied to the products in the Microsoft Office productivity suite and kept the Office development team very busy scrambling to fix flaws this summer.