Claroty researcher Vera Mens and JFrog researcher Shachar Menashe join the podcast to discuss a recent research collaboration between the two companies that looked at the security of BusyBox.
Busybox is a popular embedded Linux utility suite, and is found everywhere in operational technology, including in devices such as PLCs, HMIs, and RTUs.
The researchers published a paper that describes 14 vulnerabilities uncovered in BusyBox—all of which were patched—and the custom fuzzing harnesses used to trigger the bugs. The harnesses were released to open source by Claroty and can be found on GitHub.