The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical
bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (eg …

Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades
of dedicated research, there is still no consensus on which fuzzing techniques work best …

One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided
fuzzers indiscriminately optimize for covering as much code as possible given that bug …

Among various fuzzing approaches, coverage-guided grey-box fuzzing is perhaps the most
prominent, due to its ease of use and effectiveness. Using this approach, the selection of …

Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, eg, the code with potential …

Directed fuzzing focuses on automatically testing specific parts of the code by taking
advantage of additional information such as (partial) bug stack trace, patches or risky …

Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards
problematic changes or patches, towards critical system calls or dangerous locations, or …

Fuzzing has become one of the most effective bug finding approach for software. In recent
years, 24* 7 continuous fuzzing platforms have emerged to test critical pieces of software …

Researchers have proposed many optimizations to improve the efficiency of fuzzing, and
most optimized strategies work very well on their targets when running in single mode with …

Software contains bugs, and some bugs are exploitable. Mitigations protect our systems in
the presence of these vulnerabilities, often stopping the program once a security violation …