.I've posted this in another forum on another site as well, because I'm trying to get as much feedback as possible!
I've been developing code coverage and application fuzzing software (with Pedram Amini's PyDBG as my debugging API) in my free time for a while now, and it's about time that I leave my consultant position at my firm to pursue other endeavors. There is no "legal" conflict of interest with my software and current employer (aside from the comment below), so that doesn't even need to be considered. My group at this form doesn't sell software, doesn't want to, and basically hates it even though my group is a security consulting group.
So I'm trying to determine whether I want to commercialize the software (including sources) or just open source it. I'd love to make a living on it, I'm just wary given all of the doom and gloom of the economy, and because I can't actually sell it while at my current employer (they terminate people who make money working outside of this job). Here's the breakdown of what I've been working on:
Loki (distributed fuzzer)
- Not dependent on any additional commercial software licenses (you have to provide your own OS and apps tho)
- Similar to Pedram's Sulley, but further in development
- Highly configurable (fuzzing sets can be customized however necessary)
- Fuzzing Options include: arbitrarily sized data replacement, string mutation, randomly generated data, and a couple others I can't think of off the top of my head
- Supports heterogeneous application versions
- Supports as many fuzzing hosts as you want to throw at it
- Centrally managed
- Capable of testing Windows applications, and services (Linux/Unix support is almost done)
- Capable of testing ActiveX
- HTML/CSS/Javascript rendering (browser agnostic) is in testing, not in production
- Provides useful crash dumps with symbol resolution
Bikini (code coverage)
- Not dependent on any additional commercial software licenses (like above)
- Highly configurable (inclusion/exclusion DLL, address, range lists, great for stepping to the end of the unpacking of packed binaries)
- Automatic basic block detection and mapping
- Pretty execution graph generation (viewable through free 3rd party applications)
- Data flow graph generation (viewable through free 3rd party applications)
- cflow graph generation
- Coverage restarts
- Multiple run support (say the tested code is non-deterministic, and you want to grab multiple runs of the same app)
- Application version comparison (like bindiff)
- Bunch of other analysis info
- Can be integrated into Loki for "second phase" analysis
- Web-based graphing is still in development (figuring out layout algorithms sucks)
I'm also in the process of developing a pseudocode (c-like) decompiler, that takes Bikini output and generates source code with graph matching to basic blocks. But I can't work both jobs anymore if I want to finish it!
The feedback I'm looking for is, how much would individuals or companies be willing to spend on this kind of software if it was commercial + source licensed? And should I bother with open sourced licensing if I want to make a modest (well, maybe take a couple trips every couple years) living on it?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}