Addison
Hi! I do systems security research at CISPA under Thorsten Holz, where my main focus is... well, I'm not really sure, but it's something to do with making testing better by using the tools we have available better. I care deeply about repeatability, reliability, and usability of scientific findings, especially in software testing where we have effectively no excuse to not distribute and share the tools we make for research.
Beyond my academic works, I operate a blog where I post short explorations of testing topics (especially fuzzing), I am a maintainer of LibAFL (and the author of libafl_libfuzzer), and I sometimes write blogs on secret.club. I'm also a bit of a foodie, so if you see me at the conference and know of any great places to eat during the winter break: let me know!
Beitrag
Despite how it's often portrayed in blogs, scientific articles, or corporate test planning, fuzz testing isn't a magic bug printer; just saying "we fuzz our code" says nothing about how effectively it was tested. Yet, how fuzzers and programs interact is deeply mythologised and poorly misunderstood, even by seasoned professionals. This talk analyses a number of recent works and case studies that reveal the relationship between fuzzers, their inputs, and programs to explain how fuzzers work.