Regression greybox fuzzing
What you change is what you fuzz! In an empirical study of all fuzzer-generated bug reports
in OSSFuzz, we found that four in every five bugs have been introduced by recent code …
SoK: The progress, challenges, and perspectives of directed greybox fuzzing
Greybox fuzzing has been the most scalable and practical approach to software testing.
Most greybox fuzzing tools are coverage guided as code coverage is strongly correlated …
SelectFuzz: Efficient directed fuzzing with selective path exploration
Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …
Binary-level directed fuzzing for use-after-free vulnerabilities
Directed fuzzing focuses on automatically testing specific parts of the code by taking
advantage of additional information such as (partial) bug stack trace, patches or risky …
TargetFuzz: Using DARTs to guide directed greybox fuzzers
Software development is a continuous and incremental process. Developers continuously
improve their software in small batches rather than in one large batch. The high frequency of …
SoK: Where to fuzz? Assessing target selection methods in directed fuzzing
A common paradigm for improving fuzzing performance is to focus on selected regions of a
program rather than its entirety. While previous work has largely explored how these …
PatchScope: Memory object centric patch diffing
Software patching is one of the most significant mechanisms to combat vulnerabilities. To
demystify underlying patch details, the techniques of patch differential analysis (aka patch …
ACETest: Automated constraint extraction for testing deep learning operators
Deep learning (DL) applications are prevalent nowadays as they can help with multiple
tasks. DL libraries are essential for building DL applications. Furthermore, DL operators are …
1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing
1-day vulnerabilities are common in practice and have posed severe threats to end users, as
adversaries could learn from released patches to find them and exploit them. Reproducing 1 …
Exploratory review of hybrid fuzzing for automated vulnerability detection
Recently, software testing has become a significant component of information security. The
most reliable technique for automated software testing is a fuzzing tool that feeds programs …