fuzzing
Safeguard articles tagged "fuzzing" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Memory safety in C/C++: the vulnerability classes that won't go away
Microsoft found ~70% of its patched CVEs trace to memory-safety bugs. Here's how buffer overflows, use-after-free, and double-free still happen — and what actually catches them.
Fuzz testing for AppSec teams: AFL++, libFuzzer, and OSS-Fuzz
OSS-Fuzz has found over 13,000 vulnerabilities since 2016, yet most AppSec teams still treat fuzzing as a research curiosity rather than a pipeline stage.
The most common C++ vulnerability classes, and the tooling that catches them
Memory-safety bugs account for roughly 70% of high-severity CVEs in large C/C++ codebases at Microsoft and Google. Here's why, and what actually stops them.
Memory-Safety Vulnerabilities in C/C++: What Static and Dynamic Analysis Actually Catch
Roughly 70% of the CVEs Microsoft and Google's Chrome team assign each year trace to memory-unsafe C/C++ code — how static analysis, sanitizers, and fuzzers each catch a different slice of it.
An introduction to C and C++ memory-safety vulnerabilities
Microsoft has reported that roughly 70% of the CVEs it patches each year trace back to memory-safety bugs — here's what buffer overflows, use-after-free, and double-free actually look like.
What is Fuzz Testing (Fuzzing)
Fuzz testing bombards software with malformed inputs to surface crashes and memory bugs. Here's how fuzzers work, what they've found, and where they fall short.
Automated Zero-Day Discovery: How AI Is Changing Vulnerability Research
AI-powered fuzzing and code analysis are accelerating zero-day discovery. Here's what that means for defenders.
Differential Testing for Supply Chain Vulns
Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.
Fuzzing Open Source for Supply Chain Findings
How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.
What is Fuzzing
Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.