Safeguard
Tag

fuzzing

Safeguard articles tagged "fuzzing" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Application Security

Memory safety in C/C++: the vulnerability classes that won't go away

Microsoft found ~70% of its patched CVEs trace to memory-safety bugs. Here's how buffer overflows, use-after-free, and double-free still happen — and what actually catches them.

Jul 14, 20267 min read
Application Security

Fuzz testing for AppSec teams: AFL++, libFuzzer, and OSS-Fuzz

OSS-Fuzz has found over 13,000 vulnerabilities since 2016, yet most AppSec teams still treat fuzzing as a research curiosity rather than a pipeline stage.

Jul 12, 20267 min read
Application Security

The most common C++ vulnerability classes, and the tooling that catches them

Memory-safety bugs account for roughly 70% of high-severity CVEs in large C/C++ codebases at Microsoft and Google. Here's why, and what actually stops them.

Jul 11, 20267 min read
Application Security

Memory-Safety Vulnerabilities in C/C++: What Static and Dynamic Analysis Actually Catch

Roughly 70% of the CVEs Microsoft and Google's Chrome team assign each year trace to memory-unsafe C/C++ code — how static analysis, sanitizers, and fuzzers each catch a different slice of it.

Jul 8, 20267 min read
Application Security

An introduction to C and C++ memory-safety vulnerabilities

Microsoft has reported that roughly 70% of the CVEs it patches each year trace back to memory-safety bugs — here's what buffer overflows, use-after-free, and double-free actually look like.

Jul 7, 20268 min read
Best Practices

What is Fuzz Testing (Fuzzing)

Fuzz testing bombards software with malformed inputs to surface crashes and memory bugs. Here's how fuzzers work, what they've found, and where they fall short.

Feb 14, 20267 min read
Vulnerability Management

Automated Zero-Day Discovery: How AI Is Changing Vulnerability Research

AI-powered fuzzing and code analysis are accelerating zero-day discovery. Here's what that means for defenders.

Feb 3, 20266 min read
Vulnerability Management

Differential Testing for Supply Chain Vulns

Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.

Oct 25, 20247 min read
Vulnerability Management

Fuzzing Open Source for Supply Chain Findings

How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.

Jul 15, 20247 min read
Concepts

What is Fuzzing

Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.

Apr 18, 20246 min read
fuzzing — Safeguard Blog