Fuzzing: Art, Science, and Engineering

12/01/2018

∙

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.

READ FULL TEXT

Fuzzing: Art, Science, and Engineering

Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review

Machine Learning for Software Engineering: A Systematic Mapping

Systematization of Vulnerability Discovery Knowledge: Review Protocol

A Boxology of Design Patterns for Hybrid Learning and Reasoning Systems

Continuous Systematic Literature Review: An Approach for Open Science

The First 50 Years of Software Reliability Engineering: A History of SRE with First Person Accounts

Fuzzing: Art, Science, and Engineering

Related Research

Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review

Machine Learning for Software Engineering: A Systematic Mapping

Systematization of Vulnerability Discovery Knowledge: Review Protocol

A Boxology of Design Patterns for Hybrid Learning and Reasoning Systems

Continuous Systematic Literature Review: An Approach for Open Science

The First 50 Years of Software Reliability Engineering: A History of SRE with First Person Accounts