Hi there.

> On Aug 23, 2017, at 3:56 AM, Infoomatic <infooma...@gmx.at> wrote:
>
> Hi,
> As nowadays I read quite a lot of projects being fuzzy tested or
> vulnerabilities detected by fuzzy testing, I am quite curious: what is the
> status of OpenBSD kernel/base system concerning fuzzy testing?

yes fuzzers have been used for a very long time. if you search through the commit archives you'll see that one recent example is afl which has been used on both userland and kernel.

Some links:

http://www.undeadly.org/cgi?action=article&sid=20150121093259
http://lcamtuf.coredump.cx/afl/
https://github.com/nccgroup/TriforceOpenBSDFuzzer

other fuzzers have been used too as far as I know. More work in this space is always welcome too.

> Is there a plan on using the Google fuzzer? thanks

to be clear, you're asking about oss-fuzz? if yes, then someone motivated enough might be able to get it going but it looks like a good amount of work to set it all up in a docker environment, etc. I might explore... at some point... maybe. But right now I'm personally more focused on static analysis of the kernel using tools like coverity.

>
> regards,
> infoomatic