Should we add bugs to software to put off attackers?

A group of New York University researchers are testing a new approach to software security: adding more bugs to it instead of removing them. The idea is to “drown attackers in a sea of enticing-looking but ultimately non-exploitable bugs” and waste skilled attackers’ time.

This approach is aimed at disrupting the triage and exploit development stages of the attackers’ workflow by introducing chaff bugs (the name is a nod to the strips of foil dispensed by military aircraft to confuse enemy radar).

Read more about the concept of chaff bugs, which researchers believe can be developed to form a valuable layer of defense, on Help Net Security.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief