Stay focused on fuzzy tests, warn security experts The idea of throwing random test data at a program to see if it cracks has been around in one form or another since the beginning of software development. A formalized approach called fuzzing, based on Professor Barton Miller's work at the University of Wisconsin in the late 1980s, is undergoing a revival as a means of testing …
Yeah it has been around for quite sometime - and it is just automated testing really on all the different input levels.
But, it allows you to bring in some rather esoteric computer science techniques, so genetic algorithms can be useful, libraries of old exploits can be abstracted and detection of compromise honed.
With the improvement in computing speeds and parallel computing it becomes more powerful day by day.
The Fuzzing book is ok, but I do think they hold back a bit and some of their conclusions early on are more rule of thumb just waiting to be broken, but still an excellent read.
Obviously the logical move from fuzzing is back to ideas such as Z and formal specification where the program has to be mathematically proven to work, though oddly no one often wants to pay for that style of work, maybe fuzzing will make that side of things more appealing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
