Abstract
Fuzz testing finds bugs faster, better, and with less effort than writing regular tests, allowing us to focus more of our time on writing code and architecture rather than on the correctness of the code.
Problem(s)
Not Applicable
Solution
Use Clang's libFuzzer, or write our own fuzz library.
Difficulties and Risks
Even after months of looking into it, I still have very little idea on how to write my own fuzzer.
Estimated costs and timelines
We should be able to write our own fuzzer, with all the features we want, in about a month or so, or implement a fuzzer in a week or so. Either option saves a lot of cost in the long term.
Proof of concept
Haven't implemented one yet
References
https://owasp.org/www-community/Fuzzing
https://releases.llvm.org/9.0.0/docs/LibFuzzer.html
https://www.code-intelligence.com/blog/secure-coding-cpp-using-fuzzing
https://github.com/google/honggfuzz
https://github.com/CodeIntelligenceTesting/cifuzz