# Finding Software Vulnerabilities
## Abstract
As computers grow increasingly powerful, they become able to run a mind-boggling amount of code in the blink of an eye. Software developers are taking full advantage of this, and software packages too, are growing in both size and complexity. The amount of code that is run for the simple task of showing a web page, ranging from device drivers, operating system calls, network stack, html parser, javascript engine, etc, is simply staggering.

Software security follows the principle of the weakest link, meaning that if an attacker can find a single vulnerability in any of these software packages, he can compromise the system. With such an impossibly large attack surface, how can we make sure we are safe from attackers?

In this study, we will dive into the world of software vulnerabilities, and how to detect them. From manual code audits to fully automated code analysis tools, we will look at the most commonly used techniques for finding flaws. We will look at methods used by software developers to find vulnerabilities in their own code, to methods used by attackers to find flaws to exploit.


## The full paper
[Finding Software Vulnerabilities.pdf](http://tommythorsen.github.io/documents/finding-software-vulnerabilities/Finding%20Software%20Vulnerabilities.pdf)