Should we add bugs to software to put off attackers?

A group of New York University researchers are testing a new approach to software security: adding more bugs to it instead of removing them. The idea is to “drown attackers in a sea of enticing-looking but ultimately non-exploitable bugs” and waste skilled attackers’ time.

This approach is aimed at disrupting the triage and exploit development stages of the attackers’ workflow by introducing chaff bugs (the name is a nod to the strips of foil dispensed by military aircraft to confuse enemy radar).

Read more about the concept of chaff bugs, which researchers believe can be developed to form a valuable layer of defense, on Help Net Security.