In this project, you will audit open-source software projects for security bugs. You can complete the project in three ways: finding bugs, writing patches, and writing exploits. The number of bugs you must find depends on the size of your team:
|Team Size||Total Points|
Each task earns points as follows (you can submit a patch and develop an exploit for the same bug, if you want):
|+ Write patch||1|
|+ Write exploit||5|
Each team member is required to demo one exploit to me at the end of the semester (you may work together to develop the exploits, but each member must demo a separate exploit). Note that simply causing the program to crash from malformed input (which is a denial-of-service attack) is not sufficient to count for your exploit demo, although I will give 1 point (instead of 5) for developing such an attack. You should send bug reports (and possibly patches) to the authors of the programs you audit. Your final report should include copies of all the bug reports you make and, whenever possible, a copy of the email from the authors acknowledging that you found a real, exploitable security bug.
|Date||Task||Weight of Grade|
You can use Freshmeat and SourceForge to find projects to audit.
The following code auditing tools may be helpful