Coverage-based greybox fuzzing as markov chain
Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no
program analysis. A new test is generated by slightly mutating a seed input. If the test …
Smart greybox fuzzing
Coverage-based greybox fuzzing (CGF) is one of the most successful approaches for
automated vulnerability detection. Given a seed file (as a sequence of bits), a CGF randomly …
Boosting fuzzer efficiency: An information theoretic perspective
In this paper, we take the fundamental perspective of fuzzing as a learning process.
Suppose before fuzzing, we know nothing about the behaviors of a program P: What does it …
Fuzzing: On the exponential cost of vulnerability discovery
M Böhme, B Falk - Proceedings of the 28th ACM joint meeting on …, 2020 - dl.acm.org
We present counterintuitive results for the scalability of fuzzing. Given the same non-
deterministic fuzzer, finding the same bugs linearly faster requires linearly more machines …
Dissecting american fuzzy lop: a fuzzbench evaluation
AFL is one of the most used and extended fuzzers, adopted by industry and academic
researchers alike. Although the community agrees on AFL's effectiveness at discovering …
Towards optimal concolic testing
Concolic testing integrates concrete execution (e.g., random testing) and symbolic execution
for test case generation. It is shown to be more cost-effective than random testing or …
testar – scriptless testing through graphical user interface
Covering all the possible paths of the graphical user interface (GUI) with test scripts would
take too much effort and result in serious maintenance issues. We propose complementing …
HyDiff: Hybrid differential software analysis
Detecting regression bugs in software evolution, analyzing side-channels in programs and
evaluating robustness in deep neural networks (DNNs) can all be seen as instances of …
SNPSFuzzer: A fast greybox fuzzer for stateful network protocols using snapshots
Greybox fuzzing has been widely used in stateless programs and has achieved great
success. However, most state-of-the-art greybox fuzzers have slow speed and shallow state …