Sienna Locomotive

Fuzzing is one of the most effective and low-cost techniques for finding bugs and building resilient software. However, it is frequently too effective. Fuzzing tends to produce hundreds or thousands of crashes, each a candidate vulnerability that must be reviewed and prioritized for mitigation. Many of the crashes will have the same root cause but initially appear to be unique.

Current approaches to automated software vulnerability analysis don’t score the exploitability of discovered vulnerabilities, leaving users to triage manually with heuristics. Sorting through the results takes time and a level of familiarity with fuzzers that most developers lack.

We believe that fuzzing should be more accessible for non-security users and should include a post-processing component that automatically groups crashes with similar fundamental causes and categorizes their severity.

That’s why we engineered Sienna Locomotive. It brings fuzzing and crash triage to developers in an immediately deployable system capable of operating in-house and offline on Windows software. It reduces the time, resources and expertise required to take advantage of fuzzing, and delivers intelligent insight from the fuzzers’ results.

We continue to pursue advanced research in taint analysis, symbolic execution, constraint solving, and concolic execution to improve the functionality of the industry-standard fuzzers wrapped up in Sienna Locomotive: Radamsa and AFL.

If you need a highly scalable, self-triaging fuzzer engineered with the latest best practices to run on-site for your organization, then contact us.
