VrankenFuzz – a multi-sensor, multi-generator mutational fuzz testing engine [pdf] (files.wordpress.com)
28 points by guidovranken 9 months ago | 3 comments

I read most of this paper and skimmed a few sections I felt were old hat. The author discusses various problems that apply to all fuzzers, focusing especially on a naive fuzzer's inability to achieve depth into complex code paths. This, they explain, is solved by modifying the target program, or by seeding with data that is known to exercise deep paths. These are well-known techniques. The rest of it is explaining the author's concept of three basic components of fuzzers, which are "sensors" (what e.g. AFL and others would call "instrumentation"), "generators" (just what it sounds like, this component generates target program inputs) and "processors" (these read sensors and influence the generators). I like the clarity the author brings to the subject and the framework is good for thinking about fuzzer design in a clear way. I'm not sure that the particular subject of the paper, VrankenFuzz, is anything groundbreaking. Also the author says at the end that they want "compensation" before they release it as open source.

Thanks for the summary.

> Also the author asks for money at the end before they release it as open source.

That raised my interest. It's not exactly what the author wrote though:

>> I'd like to release the source code publicly as open source for a compensation.

I imagine they'd consider other forms of compensation, e.g. free accommodation in a castle in the south of France (maybe that's just me).

I'm interested to hear how this pans out. Asking for support after releasing FOSS doesn't always work either.

Yeah, I edited my comment to say 'compensation' instead. Thanks :)
