Mapping metrics and procedures to maturity levels
Fuzz testing is a highly effective technique for locating vulnerabilities in software. Malformed and unexpected inputs are delivered to the target software, and when failures occur, vulnerabilities have been located. Fuzzing is a widely recognized technique for improving the security, robustness, and safety of software. However, fuzzing is an open-ended pursuit—an infinite space problem. So, how do you know when you’ve fuzzed enough?
This white paper maps metrics and procedures to maturity levels that indicate how much fuzzing your firm is conducting. The maturity model explored within this resource acts as a lingua franca when discussing fuzzing. It also allows diverse organizations to communicate effectively about fuzzing without being tied to specific tools.