Interested in BUG-INJECTOR?

BUG-INJECTOR generates benchmarks for evaluating cyber-defense tools and techniques. It works by injecting known vulnerabilities into existing software. The detection rate of cyber-defense tools or techniques on a given class of vulnerability can be approximated by measuring their effectiveness in detecting the specific vulnerabilities from the class that have been injected into the host(s).

BUG-INJECTOR has multiple applications: 

  • Individual prospective users of cyber-defense tools or techniques can inject bugs into their code to predict their likely effectiveness on their own (possibly idiosyncratic) code,
  • Governments or standards groups can use it to create fixed benchmark suites against which to compare and contrast multiple tools and techniques,
  • Vendors and researchers can use it to improve their tools and techniques,
  • Generated benchmarks may be used to host cyber security training, red team, or capture the flag events.

BUG-INJECTOR is highly configurable, and gives users control over the host software, the bugs included in the benchmark, and the degree to which injected vulnerabilities are obfuscated or camouflaged in the host.

The implementation of BUG-INJECTOR is independent of leading cyber-defensive techniques, thus avoiding the circularity in which technical shortcomings of these techniques limit the generated benchmarks.

100% Privacy Guaranteed




BUG-INJECTOR automatically rewrites the source code of C/C++ software (Java and JavaScript support are in development) to inject bugs and weaknesses.  The ability to inject many instances of known bugs enables the evaluation of bug finding tools like static analyzers and fuzzers. BUG-INJECTOR generated buggy software may also be used to host cyber security training and capture the flag events. Customers of static analysis tools can use BUG-INJECTOR to inject the bugs they care about into their own software to evaluate tools under the particular conditions that matter to them.

About GrammaTech

At GrammaTech, we help our customers, partners, and government research sponsors solve the most challenging software issues of today and tomorrow, safeguarding embedded mission-critical devices from failure and cyber attack. With our security-first software design philosophy, you can rely on GrammaTech to help you design, develop, and deploy trusted software applications -- minimizing corporate risks and maximizing your competitive position.

© GrammaTech. All rights reserved.

Please fill out this form if you would like us to contact you to discuss BUG-INJECTOR

Fix the following errors: