search menu icon-carat-right cmu-wordmark

Vulnerability Discovery

October 2016 Poster
David Warren

Vulnerability Discovery


Software Engineering Institute


Current vulnerability discovery techniques such as black-box fuzz testing and concolic testing are so effective that they routinely find hundreds of thousands of crashers, which crash the target program. We created a new methodology for precisely and naturally defining vulnerabilities through the creation of patches. We use our methodology to debunk three commonly held beliefs in fuzzing practice.