Hi there.
> On Aug 23, 2017, at 3:56 AM, Infoomatic wrote:
>
> Hi,
> As nowadays I read quite a lot of projects being fuzzy tested or
> vulnerabilities detected by fuzzy testing, I am quite curious: what is the
> status of OpenBSD kernel/base system concerning fuzzy testing?
yes fuzzers have been used for a very long time. if you search through the
commit archives you'll see that one recent example is afl which has been used
on both userland and kernel.
Some links:
http://www.undeadly.org/cgi?action=article=20150121093259
http://lcamtuf.coredump.cx/afl/
https://github.com/nccgroup/TriforceOpenBSDFuzzer
other fuzzers have been used too as far as I know.
More work in this space is always welcome too.
> Is there a plan on using the Google fuzzer? thanks
to be clear, you're asking about oss-fuzz? if yes, then someone motivated
enough might be able to get it going but it looks like a good amount of work to
set it all up in a docker environment, etc.
I might explore... at some point... maybe.
But right now I'm personally more focused on static analysis of the kernel
using tools like coverity.
>
> regards,
> infoomatic
>