
Modularity Parable and Software
In his seminal book, The Sciences of the Artificial, Herb Simon describes the parable of watchmakers named Hora and Tempus. They built watches out of 1000 parts. The watches were of the highest quality – as a result, the watchmakers were often interrupted by customers calling up to place orders. However, they built watches using different techniques. Tempus …

Open-source Tools for Binary Analysis and Rewriting
Unfortunately, binary-only software is unavoidable: dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose developers are no longer drawing paychecks (or drawing breath). Consequently, binary analysis and rewriting are topics of perennial interest to security and software engineering researchers and practitioners. Binary analysis enables the review of …

When your brain can’t handle the complexity: NDepend and PostSharp
The size and complexity of codebases have exploded in the last decade. What can you do when your codebase no longer fits your brain? In this article I’ll suggest two completely different tools: NDepend to visualize the code, and PostSharp to reduce its complexity. Since PostSharp is itself a complex codebase, we’ll use NDepend to …

What Makes Firmware Vulnerabilities So Deadly?
Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …