Mutation-based greybox fuzzing—unquestionably the most
widely-used fuzzing technique—relies on a set of non-crashing seed
inputs (a corpus) to bootstrap the bug-finding process. When
evaluating a fuzzer, common approaches for constructing this corpus
include: (i) using an empty file; (ii) using a single seed representative
of the target's input format; or (iii) collecting a large number of seeds
(e.g., by crawling the Internet). Little thought is given to how this
seed choice affects the fuzzing process, and there is no consensus on which
approach is best (or even if a best approach exists).

To address this gap in knowledge, we systematically investigate and
evaluate how seed selection affects a fuzzer's ability to find
bugs in real-world software. This includes a systematic review
of seed selection practices used in both evaluation and deployment
contexts, and a large-scale empirical evaluation (over 33 CPU-years)
of six seed selection approaches. These six seed selection approaches
include three corpus minimization techniques (which select the
smallest subset of seeds that trigger the same range of instrumentation
data points as a full corpus).

Our results demonstrate that fuzzing outcomes vary significantly
depending on the initial seeds used to bootstrap the fuzzer, with
minimized corpora outperforming singleton, empty, and large (in the
order of thousands of files) seed sets. Consequently, we encourage
seed selection to be foremost in mind when evaluating/deploying
fuzzers, and recommend that (a) seed choice be carefully considered
and explicitly documented, and (b) never to evaluate fuzzers with only
a single seed.