👇 Fuzzing Papers with Code 👇

In 2020, only 35 of 60 fuzzing papers published the code together with the paper. In 2021, let's do better! #reproducibility

Data from wcventure.github.io/FuzzingPaper/
Conferences: CCS, NDSS, S&P, USENIX Sec, ICSE, ESEC/FSE, ISSTA, ASE, ASIACCS, ICST.
1/5

More from @mboehme_

5 Sep 20
[#Fuzzing Evaluation] How do we know which fuzzer finds the largest number of important bugs within a reasonable time in software that we care about?

A commentary on @gamozolabs' perspective.
(Verdict: Strong accept).
YES! We need to present our plots on a log-x-scale. Why? mboehme.github.io/paper/FSE20.Em…
Two fuzzers. Both achieve the same coverage eventually. Yet, one performs really well at the beginning while the other performs really well in the long run. (What is a reasonable time budget? 🤔)
Nice! I agree, comparing *time-to-same-coverage* provides more information about fuzzer efficiency than comparing coverage-at-a-given-time.
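The point of the thread previewed above is that "which fuzzer is better?" depends on the metric: coverage-at-a-given-time changes its answer with the time budget, while time-to-same-coverage exposes the crossover directly and a log-x axis keeps the early minutes visible. The following Python is an added illustration, not code from the author or from the paper linked above; the two coverage trajectories are constructed sample data, chosen so that fuzzer A is fast early and fuzzer B wins in the long run.

```python
# Added example (not the author's code): comparing two fuzzers by
# time-to-same-coverage versus coverage-at-a-given-time.
# The trajectories are constructed sample data, not measurements from any paper.

# (seconds since start, cumulative branches covered); constructed so that
# fuzzer A is fast early and fuzzer B overtakes it in the long run.
FUZZER_A = [(0, 0), (10, 400), (60, 700), (600, 900), (3600, 1000), (86400, 1200)]
FUZZER_B = [(0, 0), (10, 100), (60, 300), (600, 800), (3600, 1100), (86400, 1300)]


def coverage_at(trajectory, budget):
    """Coverage reached by `budget` seconds (step function over the samples)."""
    covered = 0
    for seconds, cov in trajectory:
        if seconds > budget:
            break
        covered = cov
    return covered


def time_to_coverage(trajectory, target):
    """First sample time at which coverage >= target, or None if never reached."""
    for seconds, cov in trajectory:
        if cov >= target:
            return seconds
    return None


def winner_at_budget(a, b, budget):
    """'A', 'B' or 'tie' under the coverage-at-a-given-time metric."""
    ca, cb = coverage_at(a, budget), coverage_at(b, budget)
    return "A" if ca > cb else "B" if cb > ca else "tie"


def speedup_to_same_coverage(a, b, target):
    """How many times faster B reaches `target` than A (>1 means B is faster).

    Returns None if either fuzzer never reaches the target, which is itself
    a finding: the comparison is only meaningful up to the coverage both reach.
    """
    ta, tb = time_to_coverage(a, target), time_to_coverage(b, target)
    if ta is None or tb is None or tb == 0:
        return None
    return ta / tb


def log_budgets(max_seconds):
    """Budgets spaced by powers of ten: 1, 10, 100, ... up to max_seconds.

    These are the x-ticks of a log-x plot; linear ticks would compress the
    first minutes, where fuzzer A's advantage lives, into a single pixel.
    """
    budgets, t = [], 1
    while t <= max_seconds:
        budgets.append(t)
        t *= 10
    return budgets


if __name__ == "__main__":
    # Coverage-at-a-given-time: the "winner" flips as the budget grows.
    for budget in log_budgets(86400):
        print(f"t={budget:>6}s  A={coverage_at(FUZZER_A, budget):>5}  "
              f"B={coverage_at(FUZZER_B, budget):>5}  "
              f"winner={winner_at_budget(FUZZER_A, FUZZER_B, budget)}")
    # Time-to-same-coverage: one number per target says who got there first and by how much.
    for target in (700, 900, 1100, 1300):
        print(f"coverage {target}: A at {time_to_coverage(FUZZER_A, target)}s, "
              f"B at {time_to_coverage(FUZZER_B, target)}s, "
              f"B/A speedup={speedup_to_same_coverage(FUZZER_A, FUZZER_B, target)}")
```

Run as a script it prints the budget table and the per-target timings; with these constructed trajectories A wins every budget up to 1000 s and B wins from 10000 s on, while time-to-coverage shows B reaching 1100 branches 24 times sooner than A and A never reaching 1300 at all, which is exactly the kind of fact a single coverage-at-24h bar hides.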
2 Jul 20
For my new followers, my research group is interested in techniques that make machines attack other machines with maximal efficiency. All our tools are open-source, so people can use them to identify security bugs before they are exploited.

This is how it all started.
My first technical paper introduced a technique that could, in principle, *prove* that no bug was introduced by a new code commit [ICSE'13]. This was also the first of several symbolic execution-based whitebox fuzzers [FSE'13, ASE'16, ICSE'20].

mboehme.github.io/paper/ICSE13.p…
Yet, something was amiss. Even a simple random input generator could outperform my most effective whitebox fuzzer if it generated inputs fast enough. To understand why, we modelled fuzzing as a sampling process and proved some bounds [FSE'14, TSE'15].

mboehme.github.io/paper/TSE15.pdf
24 Sep 19
Kostya's keynote: LibFuzzer hasn't found new bugs in <big software company>'s library. We didn't know why. Later we got a note that they are now using LibFuzzer during regression testing in CI and that it prevented 3 vulns from reaching production.
In Chrome, libFuzzer found 4k bugs and 800 vulns. In OSS-Fuzz, libFuzzer found 2.4k bugs (AFL found 500 bugs) over the last three years.

@kayseesee #fuzzing #shonan
@kayseesee Fuzz-driven Development: Write your fuzz targets first.
