Continuous Fuzzing Best Practices - DevConf.CZ 2020

Speakers: Yevgeny Pats Fuzzing or fuzz testing is an automated software testing technique that involves providing semi-random data as input to test programs. Fuzzing helps with security, stability and performance. Integrating fuzz testing into the development workflow and CI is a great addition to code quality but also involves new challenges due the special nature of fuzzing. We will share our experience of running continuous fuzzing for both open-source and close-source C/C++/Golang and Rust projects (systemd between theme). We will discuss challenges, possible solutions and other best-practices in continuous fuzzing. Agenda * What is fuzzing? (quick) * libFuzzer introduction + demo. * What is continuous fuzzing? * Current state of continuous fuzzing. * Challenges of continuous fuzzing. * What fuzzing is not? * Current State of C/C++ OSS projects. * Case studies [ https://sched.co/YOn7 ] -- Recordings of talks at DevConf are a community effort. Unfortunately not everything works perfectly every time. If you're interested in helping us improve, let us know.