Here's the research paper, Automated Whitebox Fuzz Testing by Patrice Godefroid, Michael Levin, and David Molnar:
"Our approach records an actual run of the program under test on a well-formed input, symbolically evaluates the recorded trace, and gathers constraints on inputs capturing how the program uses these. The collected constraints are then negated one by one and solved with a constraint solver, producing new inputs that exercise different control paths in the program. This process is repeated with the help of a code-coverage maximizing heuristic designed to find defects as fast as possible."
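To make the quoted loop concrete (record a run on a well-formed seed, collect the path constraints, negate them one at a time, solve, then prioritise the resulting inputs by new coverage), here is a small Python harness. It is an added illustration, not code from the paper or from SAGE. The program under test is modeled on the four-byte "bad!" example from the paper's introduction; everything else (the `Tracer`, the per-byte brute-force solver, the (site, outcome) coverage score, and the `bound` rule that stops a child from re-flipping constraints its ancestors already negated) is my own simplification and should be read as an assumption about how such a search can be structured, not as SAGE's implementation. Constraints are deliberately restricted to one input byte each so the "solver" is complete by enumeration; a real engine hands richer formulas to an SMT solver.

```python
"""Toy whitebox fuzzer: concolic trace recording, constraint negation, and a
generational best-first search scored by coverage gain.  Added example, not
the SAGE source; program under test modeled on the paper's 'bad!' example."""
import heapq
from dataclasses import dataclass
from typing import Callable, Optional

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, ">=": lambda a, b: a >= b}


@dataclass(frozen=True)
class Constraint:
    """Path constraint on a single input byte: pred(input[idx]) must hold."""
    idx: int
    pred: Callable[[int], bool]
    text: str

    def negate(self) -> "Constraint":
        p = self.pred
        return Constraint(self.idx, lambda v: not p(v), "!(" + self.text + ")")


class Tracer:
    """Runs the program concretely on `data` and records, for every branch,
    the symbolic constraint implied by the outcome actually taken."""
    def __init__(self, data: bytes):
        self.data = data
        self.path: list[Constraint] = []               # constraints in execution order
        self.branches: set[tuple[str, bool]] = set()   # (site, outcome) pairs = coverage

    def branch(self, site: str, idx: int, op: str, k: int) -> bool:
        fn = OPS[op]
        taken = fn(self.data[idx], k)                 # concrete decision
        c = Constraint(idx, lambda v, fn=fn, k=k: fn(v, k), f"b[{idx}] {op} {k}")
        self.path.append(c if taken else c.negate())  # symbolic record of that decision
        self.branches.add((site, taken))
        return taken


def program(t: Tracer) -> bool:
    """Program under test (4-byte input). Returns True when the 'bug' is reached."""
    cnt = 0
    if t.branch("b0", 0, "==", ord("b")):
        cnt += 1
    if t.branch("b1", 1, "==", ord("a")):
        cnt += 1
    if t.branch("b2", 2, "==", ord("d")):
        cnt += 1
    if t.branch("b3", 3, "==", ord("!")):
        cnt += 1
    return cnt >= 3   # stands in for abort()


def solve(constraints: list[Constraint], base: bytes) -> Optional[bytes]:
    """Find bytes satisfying every constraint.  Bytes the constraints do not
    mention keep their value from `base`, so children stay close to the seed.
    Because each constraint covers one byte, trying all 256 values is complete."""
    out = bytearray(base)
    for idx in {c.idx for c in constraints}:
        on_idx = [c for c in constraints if c.idx == idx]
        for v in [out[idx]] + list(range(256)):        # keep current value if it works
            if all(c.pred(v) for c in on_idx):
                out[idx] = v
                break
        else:
            return None                                # unsat, e.g. b[0]==1 and b[0]==2
    return bytes(out)


def run(data: bytes):
    t = Tracer(data)
    crashed = program(t)
    return t.path, t.branches, crashed


def generational_search(seed: bytes, max_inputs: int = 1000):
    """Best-first search.  Each popped input spawns one child per path constraint
    (prefix kept, constraint j negated); each child is run once and scored by
    the number of (site, outcome) pairs nobody has covered yet.  `bound` (my
    assumption) makes a child only negate constraints after the one that created it."""
    cur_path, cov, crashed = run(seed)
    covered = set(cov)
    crashes = [seed] if crashed else []
    seen = {seed}
    tested, counter = 1, 0
    worklist = [(0, counter, seed, cur_path, 0)]   # (-score, tiebreak, input, path, bound)
    while worklist and tested < max_inputs:
        _, _, inp, cur_path, bound = heapq.heappop(worklist)
        for j in range(bound, len(cur_path)):
            child = solve(cur_path[:j] + [cur_path[j].negate()], inp)
            if child is None or child in seen:
                continue
            seen.add(child)
            cpath, ccov, ccrashed = run(child)
            tested += 1
            if ccrashed:
                crashes.append(child)
            score = len(ccov - covered)            # coverage gain drives priority
            covered |= ccov
            counter += 1
            heapq.heappush(worklist, (-score, counter, child, cpath, j + 1))
    return crashes, tested


if __name__ == "__main__":
    found, n = generational_search(b"good")
    print(f"{n} inputs run, crashing inputs: {[c.decode() for c in found]}")
```

Starting from the well-formed seed `good`, the search enumerates all 16 paths of the toy program in 16 runs and finds every input that reaches the error (`badd`, `bao!`, `bod!`, `gad!`, `bad!`), whereas a blackbox mutator has roughly a 1 in 2^30 chance per try of hitting `bad!`. The coverage score hardly matters on a program this small (every child gains at most one new branch outcome); the paper's point is that on real parsers with deep, largely redundant paths, ranking children by new coverage is what keeps the search from drowning in inputs that explore nothing new.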
I usually scroll down for appealing infographics before I start reading the post. But all we got here is people posing for their new LinkedIn profile pic.
>> With widely used software such as an operating system or productivity suite, deploying those patches can cost as much as $1 million, the researchers say.
That is part of why so many people dislike Microsoft's attitude. Who cares that it costs $1M to deploy a patch? Corporate customers are going to be spending far more than a million installing that patch. Just think about how many customers are out there who have to test and apply this patch. Fixing a vulnerability prior to release is worth billions of dollars to millions of customers. That should be the math, not how much MS must spend every other Tuesday.
https://www.microsoft.com/en-us/research/wp-content/uploads/...