Let's begin?


Robert Święcki

Apr 6, 2020, 5:56:51 AM
to fuzzing...@googlegroups.com
Hi everyone,

Thanks for joining the list!

The impulse for creating a mailing list of this profile appeared when the fuzzbench results were released publicly earlier this year. I somewhat knew that this would both mean a friendly race to the top, as well as an opportunity to share ideas and techniques among devs/engs/researchers. Till now the collaboration happened mostly through reading others' code or papers, conference talks, and over rather infrequent interactions IRL and via e-mail/github. I hope we could all be more vocal here.

To paraphrase an HN rule, everything that "gratifies one's intellectual curiosity" in the area of software fuzzing and surrounding topics (e.g. general dynamic code analysis) goes.


Community announcements:

The list is open-for-all and unmoderated. I don't think there's any need for secrecy here, but if we get too much spam, or questions for help with more basic fuzzing setups, we could, technically, enable moderation for new/not-yet-on-the-list members.

It should be fine to send announcements about new tools, services and papers here.

For the last month I was working a bit more on honggfuzz's code (because almost everyone in IT is WFH now), and notwithstanding whether fuzzbench is the ultimate measure of fuzzers' usefulness or not, in the coming days I'll be happy to share how to improve one's fuzzer stats there. There'll be a small element of gamification there, but I believe the vast majority of discoveries and techniques I stumbled upon can be easily generalized onto software used outside of the FB benchmark pool.

I've added a couple of well-regarded fuzzing engines' authors as the list's managers. Since the list is open/unmoderated that mostly means making sure the list is not used for (hopefully rare) OT/spam, and it's all done on a voluntary basis. Thanks in advance!

If you have some early comments about the goals of this list, or about the list's administrivia, please let us all know.

--
Robert Święcki

van Hauser

Apr 6, 2020, 10:34:31 AM
to Robert Święcki, fuzzing...@googlegroups.com
Hi!

Well then, I will start this off :)

Looking at the fuzzbench results, honggfuzz made a big leap a few weeks ago which put it in front on the targets freetype, libpng and proj4.

Basically from the start it discovers 50-200% more edges than everyone else.

So - what strategy are you deploying there? And what made you think of that strategy?

Regards,
van Hauser


Robert Święcki

Apr 6, 2020, 11:00:27 AM
to van Hauser, fuzzing...@googlegroups.com
So, I wanted to create some mini-series (like 3-4 posts) about just that. Mostly it was a fun adventure, with unexpected discoveries along the way.

It's not only those 3-4 targets which yield more results than others, but what was interesting was, for example, how to get the last missing edge with jsoncpp, where everyone is at <=634 edges and only libfuzzer/entropic managed to get 635 :).

I should send something today/tomorrow, as I need to gather some github PRs and fuzzbench graphs first.
--
Robert Święcki

László Szekeres

Apr 6, 2020, 2:10:06 PM
to Robert Święcki, fuzzing...@googlegroups.com
Thanks Robert for creating this list!

It's great to have a generic fuzzing discussion forum!

Also, thanks for bringing up FuzzBench! For interested folks, there's a FuzzBench-specific mailing list as well:

https://groups.google.com/forum/#!forum/fuzzbench-users

We cordially invite everyone who's interested in FuzzBench-related announcements and discussions to join.

--
Thanks,
Laszlo
