kth.sePublications KTH
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Measuring the Impact of Fuzzing Activity in Networking Software
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-6265-2173
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-3704-1338
2025 (English)In: 40TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, Association for Computing Machinery (ACM) , 2025, p. 1746-1748Conference paper, Published paper (Refereed)
Abstract [en]

Fuzz testing has become the de facto standard for vulnerability discovery. In this paper we study 32 prominent protocol implementations that have been continuously fuzzed by OSS-Fuzz, a widely used fuzzing platform. We define metrics to measure fuzzing activity within a project and correlate our measurements with registered CVEs for discovered vulnerabilities. Our analysis show a strong correlation between fuzzing activity and registered CVEs within a project. However, by using the CWE-1000 analys framework, we find that the correlation is only strong for certain classes of vulnerabilities.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM) , 2025. p. 1746-1748
Keywords [en]
Fuzz Testing, Cyber Security
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-368397DOI: 10.1145/3672608.3707730ISI: 001497934400234Scopus ID: 2-s2.0-105006470321ISBN: 979-8-4007-0629-5 (print)OAI: oai:DiVA.org:kth-368397DiVA, id: diva2:1989702
Conference
40th Symposium on Applied Computing-SAC, MAR 31-APR 04, 2025, Catania, ITALY
Note

QC 20250818

Available from: 2025-08-18 Created: 2025-08-18 Last updated: 2025-08-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Fernandez, LeonKarlsson, Gunnar

Search in DiVA

By author/editor
Fernandez, LeonKarlsson, Gunnar
By organisation
Network and Systems Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 41 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub
|
About Open Access