The Cost-Benefit Reality of Formal Methods Projects

2025-06-02

This article, based on the author's experience, explores the challenges of applying formal methods (FM) in real-world projects. The author argues that the success of FM projects hinges on a cost-benefit balance. Many potential FM projects fail to materialize due to high costs, difficulties in quantifying benefits, or the inability to demonstrate short-term value. The article highlights that successful FM projects require early value delivery, translating complex technical results into client-understandable language, and prioritizing low-cost reliability assurance measures, such as testing and code reviews. The author emphasizes that FM is not a silver bullet and should be combined with other methods to improve software reliability and security.


GREASE: Open-Source Tool for Finding Bugs in Binaries

2025-03-20

GREASE is an open-source tool that leverages under-constrained symbolic execution to help reverse engineers find hard-to-spot bugs in binary code, improving system security. It supports various architectures and formats, integrates with Ghidra, and can also be used as a standalone command-line tool or as a Haskell library. GREASE analyzes functions by running them with fully symbolic registers, iteratively refining symbolic preconditions using heuristics when errors occur. While limitations exist, such as potential false positives and negatives, GREASE significantly aids in enhancing software security, particularly when analyzing COTS software only available in binary form.
