Comment Re:the benefits of open source... (Score 1) 117
Quite frankly, having the source doesn't help exploits much, or at least nearly as much as it helps in correcting exploits. The reason for this is most of the common methods for injecting code into privileged apps are extremely complex and rely on several different parts of the code to be in a certain key state to take place. So save from 1) being a literal genius or 2) having a ton of experience in knowing where security problems in coding tend to pop up (and even here, you will miss most), code review doesn't help much in finding actual exploits (although it can be instrumental in determining if the architecture of the code is exploit prone, so again, better for the whitehats than blackhats).
The easier way to look for exploits now is to automate the app and then find ways to make it crash or otherwise misbehave/not behave as intended. If you can find a way to make it crash, especially segfault etc, you have found a bug that is likely to be exploitable. Many security researchers and firms have clusters of automated programs crunching night and day trying to find ways to make them crash/trigger unusually high exceptions/looking for other signs of misbehavior.
Another good way is to look for certain patterns. For example, a .NET app that makes lots of disorganized unsafe calls to unmanaged code is a good shot (probably a newb or incompetent programmer (disorganized) treading on dangerous ground), and you can monitor all of this just fine if not more easily sans-source, with standard debugging tools for the OS you are on (doesn't matter which).
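Added example, not part of the original comment: a small mutation-fuzzing harness of the kind the comment describes, as a developer would run it against their own parser before release. The toy `parse_record` format, its deliberate missing bounds check, and all names are constructed for illustration.

```python
import random
import struct

class ParseError(Exception):
    """Expected, clean rejection of malformed input."""

def parse_record(data: bytes) -> bytes:
    # Constructed toy format: 2-byte big-endian length, payload, 1-byte checksum.
    if len(data) < 3:
        raise ParseError("too short")
    (length,) = struct.unpack(">H", data[:2])
    payload = data[2:2 + length]
    # Deliberate defect: length is never checked against len(data), so this
    # index can run past the end and raise IndexError instead of ParseError.
    checksum = data[2 + length]
    if sum(payload) & 0xFF != checksum:
        raise ParseError("bad checksum")
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    # Apply one to three small random mutations to a known-good input.
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "set", "truncate"))
        if op == "flip" and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "set" and buf:
            buf[rng.randrange(len(buf))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
        elif op == "truncate" and len(buf) > 1:
            del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    # Returns {exception type name: first input that triggered it}.
    rng = random.Random(rng_seed)  # fixed seed so every run is reproducible
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            continue  # handled rejection, not a bug
        except Exception as exc:  # unhandled failure: keep one reproducer per type
            findings.setdefault(type(exc).__name__, case)
    return findings

# Constructed valid sample: length 3, payload b"abc", checksum of the payload.
SEED = b"\x00\x03abc" + bytes([sum(b"abc") & 0xFF])
```

Each saved input is a reproducer for the bug report; once the length check is added, the same input should raise `ParseError` and can stay in the regression suite.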