Estimating residual risk in greybox fuzzing
Marcel Böhme, Danushka Liyanage, Valentin Wüstholz
Abstract
For any errorless fuzzing campaign, no matter how long, there is always some residual risk that a software error would be discovered if only the campaign was run for just a bit longer. Recently, greybox fuzzing tools have found widespread adoption. Yet, practitioners can only guess when the residual risk of a greybox fuzzing campaign falls below a specific, maximum allowable threshold.
Topics & Concepts
Fuzz testingResidualComputer scienceSoftwareComputer securityAlgorithmProgramming languageSoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchSoftware Engineering Research