In this talk, I will reflect on my experiences designing and applying different forms of fuzzing (whitebox, greybox and blackbox) to various types of software (file processing applications, network servers, compilers, document readers, etc.) and software engineering problems (patch testing, test suite augmentation, refactoring, etc.) While the goal of fuzzing is to find bugs, our objective as fuzzing researchers and practitioners should be to improve the reliability, security and quality of software. I therefore argue that we need to pay closer attention to how fuzzing is integrated into the software development process and how we can use fuzzing to help with other software engineering tasks.

Cristian Cadar is Professor of Software Reliability in the Department of Computing at Imperial College London, where he leads the Software Reliability Group, working on automatic techniques for increasing the reliability and security of software systems. Cristian’s research has been recognised by several prestigious awards, including the EuroSys Jochen Liedtke Award, the HVC Award, the BCS Roger Needham Award, the ACM SIGOPS Hall of Fame Award, and the ACM CCS Test of Time Award. He also received an ERC Consolidator Grant and an EPSRC Early-Career Fellowship. Many of the research techniques he co-authored have been open-sourced and used by several groups in both academia and industry. In particular, he is co-author and the principal maintainer of the KLEE symbolic execution system, a popular system with a large user base. Cristian has a PhD in Computer Science from Stanford University, and undergraduate and Master’s degrees from the Massachusetts Institute of Technology.