The fuzzy tale of an x/crypto vulnerability

Author: mmcloughlin

lightningtalks/MichaelMcLoughlin-TheFuzzyTaleOfAnXCryptoVulnerability/README.md

@@ -0,0 +1,11 @@
+# The fuzzy tale of an x/crypto vulnerability
+
+Michael McLoughlin ([@mmcloughlin](https://github.com/mmcloughlin))
+
+* [Slides](slides.pdf)
+* [`cryptofuzz` Project](https://github.com/mmcloughlin/cryptofuzz)
+
+On March 20, 2019, the [Go team released a patch for a security vulnerability in `x/crypto/salsa20`](https://groups.google.com/forum/#!topic/golang-dev/1X7VG7FDw2A). This talk will regale you with the full story from [discovery by differential fuzzing](https://github.com/mmcloughlin/cryptofuzz), via low-level assembly root cause analysis to the [contentious disclosure process](https://twitter.com/hashbreaker/status/1108637226089496577).
+
+Along the way we'll explore testing practices for security-critical software, in particular the use of `go-fuzz` to check compatibility with reference implementations. Ultimately we'll see how even the most subtle of mistakes in assembly code can have catastrophic implications.
+