Software Integrity Blog


What is the state of fuzz testing in 2017?

what is the state of fuzz testing in 2017?

In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial control systems, medical, financial, government, and the Internet of Things (IoT).

Check out the State of Fuzzing 2017 report to get all the findings.

Download the report

The report, based on data from Synopsys’ fuzz testing operations, explores the following questions:

  • What industries would benefit most from fuzzing today?
  • What protocols should industry verticals be testing?
  • How long should you fuzz?
  • What are some of the more and less mature network protocols today?


In 2014, Synopsys’ fuzz testing product was used to identify the infamous Heartbleed vulnerability in OpenSSL. It had gone unidentified for more than two years and impacted more than 500,000 websites.

Synopsys’ fuzzing solution uncovers hidden, unknown vulnerabilities. It also helps organizations improve software security with advanced test suites for 250+ standard network protocols, file formats, and other interfaces. It not only uncovers dangerous unknown vulnerabilities, but also provides expert remediation advice to help organizations future-proof the software they rely on.

“Fuzz testing is a powerful component of the Synopsys Software Integrity Platform to uncover zero-day vulnerabilities and help organizations protect their software,” said Andreas Kuehlmann, Senior Vice President and General Manager for the Synopsys Software Integrity Group. “By analyzing such a large data set from our customers, the Synopsys fuzzing report provides visibility into unknown, hard-to-find vulnerabilities and highlights where security teams should look to improve the quality and security of their software.”

Other key findings from the report include:
  • The overall average time to first failure (TTFF)—the first instance when a protocol crash is recorded—was 1.4 hours. In the case of more mature protocols, the length of time is in hours. But with less mature protocols, that time could be as short as a few seconds, indicating a higher likelihood of exploitable vulnerabilities.
  • The least mature protocol tested in 2016 was IEC-61850 MMS (ICS). This is a niche protocol used in IoT and industrial control systems. The average TTFF for IEC-61850 MMS was 6.6 seconds.
  • The most mature protocol tested in 2016 was TLS client (Core IP). This is commonly used for secure web browsing including online banking and e-commerce. The average TTFF for TLS client was 9 hours.

In today’s Fault Injection Podcast, focusing on fuzzing, Chris Clark, Principal Security Engineer at Synopsys, said of the report:

“It’s always surprising for us when we go and when we talk with the customer. We ask what protocols they use, we get a list of protocols, and we say, “OK, let’s validate that, let’s check that.” We’ll use something like an In Map or some other protocol, or other tool to look at the protocols that are being listed, and we always find there’s some extras that aren’t included.”

Dig into the details of the report in the latest Fault Injection Podcast episode.
Listen now

More by this author