I am a CS grad student and just finished some research on fuzzing. I was wondering if you guys use fuzzing at all, and if so how?
I became familiar with Pai Mei and, more specifically, Evolutionary Fuzzing Systems that a specific group wrapped into a Pai Mei branch (including a Charlie Miller fork). It is fascinating, but it seems like fuzzing as a specific research area has stagnated a bit, unless I'm just out of the loop.
I was wondering if you might have some insight into the current state-of-the-art in regards to fuzzing, especially from the perspective of utility. In other words, given a whole suite of security and vulnerability tests, is fuzzing such a small focus that it isn't worth energy? Or do you think that it could be considered extraordinarily powerful?
Part of my research has led me to the intuition that while code coverage is great (and ultimately desirable), it isn't the end-all, be-all. In other words, we can't just cover the code and call it a day, we need to go beyond (without falling prey to the Halting Problem). What do you think about this? Do you think attacking code coverage like SAGE does is a heuristic trap?
tadamhicks1 karma
I am a CS grad student and just finished some research on fuzzing. I was wondering if you guys use fuzzing at all, and if so how?
I became familiar with Pai Mei and, more specifically, Evolutionary Fuzzing Systems that a specific group wrapped into a Pai Mei branch (including a Charlie Miller fork). It is fascinating, but it seems like fuzzing as a specific research area has stagnated a bit, unless I'm just out of the loop.
I was wondering if you might have some insight into the current state-of-the-art in regards to fuzzing, especially from the perspective of utility. In other words, given a whole suite of security and vulnerability tests, is fuzzing such a small focus that it isn't worth energy? Or do you think that it could be considered extraordinarily powerful?
Part of my research has led me to the intuition that while code coverage is great (and ultimately desirable), it isn't the end-all, be-all. In other words, we can't just cover the code and call it a day, we need to go beyond (without falling prey to the Halting Problem). What do you think about this? Do you think attacking code coverage like SAGE does is a heuristic trap?
THANKS!
View HistoryShare Link