{"id":"https://openalex.org/W3109101477","doi":"https://doi.org/10.1145/3368089.3409729","title":"Fuzzing: on the exponential cost of vulnerability discovery","display_name":"Fuzzing: on the exponential cost of vulnerability discovery","publication_year":2020,"publication_date":"2020-11-08","ids":{"openalex":"https://openalex.org/W3109101477","doi":"https://doi.org/10.1145/3368089.3409729","mag":"3109101477"},"language":"en","primary_location":{"id":"doi:10.1145/3368089.3409729","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3368089.3409729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005260100","display_name":"Marcel B\u00f6hme","orcid":"https://orcid.org/0000-0002-4470-1824"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Marcel B\u00f6hme","raw_affiliation_strings":["Monash University, Australia"],"raw_orcid":"https://orcid.org/0000-0002-4470-1824","affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059042832","display_name":"Brandon Falk","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brandon Falk","raw_affiliation_strings":["Gamozo Labs, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Gamozo Labs, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5005260100"],"corresponding_institution_ids":["https://openalex.org/I56590836"],"apc_list":null,"apc_paid":null,"fwci":14.4203,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.99020065,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"713","last_page":"724"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9689053893089294},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7436491847038269},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7027203440666199},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6936393976211548},{"id":"https://openalex.org/keywords/exponential-growth","display_name":"Exponential growth","score":0.5806546211242676},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.536517322063446},{"id":"https://openalex.org/keywords/cover","display_name":"Cover (algebra)","score":0.5329350829124451},{"id":"https://openalex.org/keywords/exponential-function","display_name":"Exponential function","score":0.5326124429702759},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5164740085601807},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3319074213504791},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.20607101917266846},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2025589942932129},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.18203043937683105},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.13654553890228271},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11303526163101196},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.07436901330947876}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9689053893089294},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7436491847038269},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7027203440666199},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6936393976211548},{"id":"https://openalex.org/C75235859","wikidata":"https://www.wikidata.org/wiki/Q582659","display_name":"Exponential growth","level":2,"score":0.5806546211242676},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.536517322063446},{"id":"https://openalex.org/C2780428219","wikidata":"https://www.wikidata.org/wiki/Q16952335","display_name":"Cover (algebra)","level":2,"score":0.5329350829124451},{"id":"https://openalex.org/C151376022","wikidata":"https://www.wikidata.org/wiki/Q168698","display_name":"Exponential function","level":2,"score":0.5326124429702759},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5164740085601807},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3319074213504791},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.20607101917266846},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2025589942932129},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.18203043937683105},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.13654553890228271},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11303526163101196},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.07436901330947876},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3368089.3409729","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3368089.3409729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4699999988079071,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W2012210872","https://openalex.org/W2137530017","https://openalex.org/W2186070848","https://openalex.org/W2340281863","https://openalex.org/W2535617737","https://openalex.org/W2613534458","https://openalex.org/W2757104921","https://openalex.org/W2766540688","https://openalex.org/W2777404089","https://openalex.org/W2777430404","https://openalex.org/W2963147982","https://openalex.org/W2974819274","https://openalex.org/W2986387534","https://openalex.org/W3104664063","https://openalex.org/W4244413641"],"related_works":["https://openalex.org/W4394883359","https://openalex.org/W1602624896","https://openalex.org/W1519862060","https://openalex.org/W1634993130","https://openalex.org/W2104564563","https://openalex.org/W32300376","https://openalex.org/W2794917831","https://openalex.org/W2013108996","https://openalex.org/W3023224836","https://openalex.org/W1990369157"],"abstract_inverted_index":{"We":[0],"present":[1],"counterintuitive":[2],"results":[3],"for":[4,55,73],"the":[5,10,15,28,38,46,82,97,112],"scalability":[6],"of":[7,115],"fuzzing.":[8],"Given":[9],"same":[11,16,47,83,98],"non-deterministic":[12],"fuzzer,":[13],"finding":[14,41,103],"bugs":[17,35,44],"linearly":[18,21,42,91],"faster":[19],"requires":[20,49],"more":[22,43,51,70,77],"machines.":[23,52,71],"For":[24,53],"instance,":[25,54],"with":[26],"twice":[27,69],"machines,":[29,78],"we":[30,59,66,79],"can":[31,80],"find":[32,62],"all":[33],"known":[34],"in":[36,45,63],"half":[37],"time.":[39],"Yet,":[40],"time":[48],"exponentially":[50,76,85],"every":[56],"new":[57,104],"bug":[58],"want":[60],"to":[61],"24":[64],"hours,":[65],"might":[67],"need":[68],"Similarly":[72],"coverage.":[74],"With":[75],"cover":[81],"code":[84,89],"faster,":[86],"but":[87,102],"uncovered":[88],"only":[90],"faster.":[92],"In":[93],"other":[94],"words,":[95],"re-discovering":[96],"vulnerabilities":[99,105],"is":[100,106],"cheap":[101],"expensive.":[107],"This":[108],"holds":[109],"even":[110],"under":[111],"simplifying":[113],"assumption":[114],"no":[116],"parallelization":[117],"overhead.":[118]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":14},{"year":2022,"cited_by_count":14},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}