Aug 23, 2017
This month Synopsys put out their State of Fuzzing 2017 report. It's useful data, but the context of the collection and the metrics used to evaluate failures are very important. I talked with Chris Clark, Principal Security Engineer for Strategic Initiatives at Synopsys, to discuss the report.
Key points from the podcast and report include:
Two examples on the last point.
Other points:
As Chris stated, this should be considered a top-level view of the state of ICS protocol robustness. The key is to understand where these numbers come from and not read more into them than the constraints warrant. And we should appreciate that ICS vendors are doing this type of testing.
Note: I apologize for the voice quality of this. It was a combination of a mistake I made in setup and marginal line quality. It is not difficult to understand, but not pleasant to the ear. I will do better.