The human side of fuzzing: challenges faced by developers during fuzzing activities
- Nourry, Olivier (Kyushu University, Japan)
- Kashiwa, Yutaro (Nara Institute of Science and Technology, Japan)
- Lin, Bin (Radboud University, The Netherlands)
- Bavota, Gabriele (Istituto del software (SI), Facoltà di scienze informatiche, Università della Svizzera italiana, Svizzera)
- Lanza, Michele (Istituto del software (SI), Facoltà di scienze informatiche, Università della Svizzera italiana, Svizzera)
- Kamei, Yasutaka (Kyushu University, Japan)
Published in:
- ACM transactions on software engineering and methodology. - 2023, vol. 33, no. 1, p. 1-26
English
Fuzz testing, also known as fuzzing, is a software testing technique aimed at identifying software vulnerabilities. In recent decades, fuzzing has gained increasing popularity in the research community. However, existing studies led by fuzzing experts mainly focus on improving the coverage and performance of fuzzing techniques. That is, there is still a gap in empirical knowledge regarding fuzzing, especially about the challenges developers face when they adopt fuzzing. Understanding these challenges can provide valuable insights to both practitioners and researchers on how to further improve fuzzing processes and techniques. We conducted a study to understand the challenges encountered by developers during fuzzing. More specifically, we first manually analyzed 829 randomly sampled fuzzing-related GitHub issues and constructed a taxonomy consisting of 39 types of challenges (22 related to the fuzzing process itself, 17 related to using external fuzzing providers). We then surveyed 106 fuzzing practitioners to verify the validity of our taxonomy and collected feedback on how the fuzzing process can be improved. Our taxonomy, accompanied with representative examples and highlighted implications, can serve as a reference point on how to better adopt fuzzing techniques for practitioners, and indicates potential directions researchers can work on toward better fuzzing approaches and practices.
Classification:
- Computer science and technology
License:
- CC BY-NC-ND
Open access status:
- green
Persistent URL:
- https://n2t.net/ark:/12658/srd1329485