Tester Center: White-Box Fuzzing

The Tester Center recently added some more content. One of the new articles is a pretty good piece on Fuzzing, so check it out when you get a chance:


This article presents a case study of fuzzing during development of Microsoft Internet Security and Acceleration (ISA) Server 2006, and discusses efforts, bug density, and ROI. During this release, the internal testing team found over 30 bugs that were either Important or Critical according to Microsoft Security Response Center (MSRC) rankings in over 500 KLOC parsing code