Abstract |
---|
Black-box mutational fuzzing is a simple yet effective method for finding software vulnerabilities. In this work, we collect and analyze fuzzing campaign data of 60,000 fuzzing runs, 4,000 crashes and 363 unique bugs, from multiple Linux programs using the CERT Basic Fuzzing Framework. Motivated by the results of the empirical analysis, we propose a stochastic model that captures the long-tail distribution of bug discovery probability and exploitability. This model sheds light on practical questions such as what the expected number of bugs discovered in a fuzzing campaign within a given time is, why improving software security is hard, and why different parties, e.g., software vendors, white hats, and black hats, are likely to find different vulnerabilities. We also discuss potential generalization of this model to other vulnerability discovery approaches, such as the recently emerged bug bounty programs. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-319-30806-7_11 | ESSoS |
Field | DocType | Citations |
---|---|---|
Black box (phreaking), Fuzz testing, Vulnerability (computing), White hat, Computer security, Computer science, Software security assurance, Software, Stochastic modelling, Vulnerability | Conference | 2 |
PageRank | References | Authors |
---|---|---|
0.36 | 7 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mingyi Zhao | 1 | 62 | 4.93 |
P. Liu | 2 | 378 | 41.58 |