A week or two ago I claimed that 2006 will be the year of the fuzzer. This bugtraq mail from
Steve Christey reminded me of that claim, and that I should mention it in a public place.
It's the middle of February now and we've already seen a handful of LDAP issues and one fairly serious kernel issue that were found through fuzzing. This may not seem like a lot, but it's already more than I remember seeing in all of 2005. I've also been working on a small fuzzer in my personal time, with a fair amount of success, so it's very possible I'm just paying more attention.
What is fuzzing?
Fuzzing is the process of taking some known good data, then mangling it at random to see how a given program responds to it. It's a bit like the mad libs game many of us played when we were young: sometimes the sentences would make sense, often they would not. A properly written application or library will take the bad data and handle it as incorrect data. If there is a bug, it's possible you will find it by fuzzing input, then observing how the program responds.
From personal experience, it will take many thousands of iterations in order to find a problem, and it's likely that the problem you find won't necessarily be a security issue. I like to compare this to sorting a deck of cards by throwing them up in the air. Eventually, the deck will get sorted, but it's going to take a VERY long time before it does.
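As an added illustration of the process described in the two paragraphs above (take known good data, mangle it at random, run the target, observe), here is a small mutation fuzzer in Python. This is example code written for this page, not code from the original post or from the author's own fuzzer. The two-byte-length record format, the seed input, and the parser and function names are all assumptions made for the example. The harness separates the outcome the post calls "dealing with it as incorrect data" (a clean ValueError) from an unexpected failure, which is the kind of result worth investigating; a robust parser and a careless one are both included so the difference is visible, and the iteration count is the "many thousands of iterations" the post refers to.

```python
import random
import struct

# Constructed "known good" seed for a toy record format used only in this
# example: a 2-byte big-endian length followed by that many payload bytes.
SEED = struct.pack(">H", 5) + b"hello"


def parse_record(data: bytes) -> bytes:
    """Robust parser for the toy format (hypothetical).

    Bad input is rejected with a clean ValueError rather than an
    unexpected exception; that is what "handling it as incorrect data" looks like.
    """
    if len(data) < 2:
        raise ValueError("short header")
    (length,) = struct.unpack(">H", data[:2])
    payload = data[2:2 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return payload


def parse_record_buggy(data: bytes) -> bytes:
    """Careless parser for the same format (hypothetical): it trusts the
    length field and indexes past the end of short or mangled input."""
    (length,) = struct.unpack(">H", data[:2])
    return bytes(data[2 + i] for i in range(length))


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Mangle a copy of the known-good data at random: flip one bit,
    insert a byte, delete a byte, or truncate the tail."""
    buf = bytearray(data)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    """Run `target` on `iterations` mutated copies of `seed` and classify
    each outcome. A fixed RNG seed keeps runs reproducible, so a crashing
    input can be regenerated later."""
    rng = random.Random(rng_seed)
    stats = {"ok": 0, "rejected": 0, "crashed": 0, "crash_inputs": []}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
            stats["ok"] += 1
        except ValueError:
            stats["rejected"] += 1        # handled as incorrect data: expected
        except Exception:
            stats["crashed"] += 1         # unexpected failure: investigate
            if len(stats["crash_inputs"]) < 10:
                stats["crash_inputs"].append(case)
    return stats


if __name__ == "__main__":
    for name, parser in (("robust", parse_record), ("buggy", parse_record_buggy)):
        s = fuzz(parser, SEED, 5000)
        print(f"{name}: ok={s['ok']} rejected={s['rejected']} crashed={s['crashed']}")
```

Run it and the robust parser reports zero crashes over five thousand cases while the careless one fails often; a real target needs far more iterations and far more varied mutations than this, which is the point of the deck-of-cards comparison above.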