Name: Fuzz or lose: why and how to make fuzzing a standard practice for C++
Start: 2017-09-25T17:20:00-0700
End: 2017-09-25T17:50:00-0700

Back To Schedule

Fuzz or lose: why and how to make fuzzing a standard practice for C++

Feedback form is now closed.

Fuzzing is a family of testing techniques in which test inputs are generated semi-randomly. The memory unsafety of C++ has made fuzzing a popular tool among security researchers. Fuzzing also helps with stability, performance, and equivalence testing; and it’s a great addition to everyone’s CI.

Our team has launched OSS-Fuzz, the Google's continuous fuzzing service for open source software, and a similar service for our internal C++ developers. Over 1000 C++ APIs are being fuzzed automatically 24/7, and thousands of bugs have been found and fixed.

Now we want to share this experience with the wider C++ community and make fuzzing a part of everyone’s toolbox, alongside unit tests. We will demonstrate how you can fuzz your C++ library with minimal effort, discuss fuzzing of highly structured inputs, and speculate on potential fuzzing-related improvements to C++.

Speakers

Kostya Serebryany

Software Engineer, Google

Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer and ThreadSanitizer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years... Read More →

Monday September 25, 2017 5:20pm - 5:50pm PDT
Colossus Theater Meydenbauer Center

•Tooling and Compilation

Level Beginner, Intermediate, Advanced, Expert
Tags fuzzing, security, Serebryany, testing

Attendees (223)

K
T
A
T
S
Z
R
D
D
E
P
C
R
C
I
M
L
A
M
View All →

CppCon 2017

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Kostya Serebryany

Attendees (223)