{"id":"https://openalex.org/W4402527176","doi":"https://doi.org/10.1145/3678722.3685534","title":"Effective Fuzzing within CI/CD Pipelines (Registered Report)","display_name":"Effective Fuzzing within CI/CD Pipelines (Registered Report)","publication_year":2024,"publication_date":"2024-09-13","ids":{"openalex":"https://openalex.org/W4402527176","doi":"https://doi.org/10.1145/3678722.3685534"},"language":"en","primary_location":{"id":"doi:10.1145/3678722.3685534","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678722.3685534","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM International Fuzzing Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678722.3685534","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090807788","display_name":"Arindam Sharma","orcid":"https://orcid.org/0000-0001-5361-1057"},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Arindam Sharma","raw_affiliation_strings":["Imperial College London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Imperial College London, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053355200","display_name":"Cristian Cadar","orcid":"https://orcid.org/0000-0002-3599-7264"},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Cristian Cadar","raw_affiliation_strings":["Imperial College London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Imperial College London, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057538904","display_name":"Jonathan Metzman","orcid":"https://orcid.org/0000-0002-7042-0444"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jonathan Metzman","raw_affiliation_strings":["Google, New York, USA"],"affiliations":[{"raw_affiliation_string":"Google, New York, USA","institution_ids":["https://openalex.org/I1291425158"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5090807788"],"corresponding_institution_ids":["https://openalex.org/I47508984"],"apc_list":null,"apc_paid":null,"fwci":1.5522,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.85448916,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"52","last_page":"60"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9944000244140625,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9126393795013428},{"id":"https://openalex.org/keywords/pipeline-transport","display_name":"Pipeline transport","score":0.592118501663208},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5135169625282288},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3845270276069641},{"id":"https://openalex.org/keywords/environmental-science","display_name":"Environmental science","score":0.22867467999458313},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16563749313354492},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.09780195355415344}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9126393795013428},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.592118501663208},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5135169625282288},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3845270276069641},{"id":"https://openalex.org/C39432304","wikidata":"https://www.wikidata.org/wiki/Q188847","display_name":"Environmental science","level":0,"score":0.22867467999458313},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16563749313354492},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.09780195355415344},{"id":"https://openalex.org/C87717796","wikidata":"https://www.wikidata.org/wiki/Q146326","display_name":"Environmental engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678722.3685534","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678722.3685534","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM International Fuzzing Workshop","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3678722.3685534","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678722.3685534","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM International Fuzzing Workshop","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W198732646","https://openalex.org/W1982809790","https://openalex.org/W2029706450","https://openalex.org/W2105983962","https://openalex.org/W2107147876","https://openalex.org/W2279657578","https://openalex.org/W2766540688","https://openalex.org/W2784088285","https://openalex.org/W2911282308","https://openalex.org/W3089408602","https://openalex.org/W3122174321","https://openalex.org/W3213337076","https://openalex.org/W4281388078","https://openalex.org/W4323338666","https://openalex.org/W6839211628","https://openalex.org/W6902242468"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4248424560","https://openalex.org/W3023977444","https://openalex.org/W4210660460"],"abstract_inverted_index":{"Deploying":[0],"fuzzing":[1,15],"within":[2],"CI/CD":[3,26,53,95,152],"pipelines":[4],"can":[5,93],"help":[6],"ensure":[7],"safe":[8],"and":[9,77,181,193,202,210,225],"secure":[10],"code":[11],"evolution.":[12],"Directed":[13],"greybox":[14],"techniques":[16,29,49],"such":[17],"as":[18],"AFLGo":[19,201],"are":[20,88],"a":[21,118,167,194],"good":[22],"match":[23],"for":[24,51,98,102,150,227],"the":[25,37,48,67,72,79,104,142,187,208],"context.":[27],"These":[28],"prioritise":[30],"inputs":[31],"based":[32],"on":[33,144],"estimated":[34],"distances":[35,43],"to":[36,113,138,185],"changed":[38],"code.":[39],"Unfortunately,":[40],"computing":[41,78],"these":[42],"is":[44,108,127],"often":[45],"expensive,":[46],"making":[47,147],"impractical":[50],"short":[52,151],"runs.":[54],"In":[55],"this":[56],"paper,":[57],"we":[58],"propose":[59],"an":[60,83,124,182],"AFLGo-based":[61],"technique":[62],"called":[63],"PaZZER,":[64],"which":[65],"optimises":[66],"distance":[68,105,134,222],"calculation":[69],"by":[70],"dropping":[71],"expensive":[73],"control-flow":[74],"graph":[75],"component":[76,81],"call-graph":[80],"in":[82,133,215],"incremental":[84,125],"fashion.":[85],"Preliminary":[86],"results":[87],"promising,":[89],"showing":[90],"that":[91],"PaZZER":[92,137],"make":[94],"testing":[96],"feasible":[97],"large":[99],"applications:":[100],"eg.":[101],"Objdump":[103],"computation":[106,135,223],"time":[107,131,143],"decreased":[109],"from":[110,166],"34":[111],"min":[112,121],"just":[114],"2.5":[115],"min,":[116],"with":[117],"further":[119],"2.3":[120],"saved":[122],"when":[123],"algorithm":[126],"used.":[128],"The":[129],"significant":[130],"reduction":[132],"allows":[136],"use":[139],"most":[140],"of":[141,154,170,173,189,212,217],"actual":[145],"fuzzing,":[146],"it":[148,199],"practical":[149],"runs":[153],"around":[155],"10":[156],"minutes.":[157],"Our":[158],"planned":[159],"full":[160],"evaluation":[161],"will":[162,177,206],"involve":[163],"real-world":[164],"commits":[165],"diverse":[168],"set":[169],"9":[171],"applications":[172],"different":[174],"sizes.":[175],"This":[176],"include":[178],"coverage":[179],"experiments":[180],"ablation":[183],"study":[184,197],"investigate":[186],"impact":[188],"PaZZER's":[190],"design":[191],"decisions,":[192],"bug-finding":[195],"case":[196],"comparing":[198],"against":[200],"Google's":[203],"CIFuzz.":[204],"We":[205],"assess":[207],"benefits":[209],"effectiveness":[211],"our":[213],"approach":[214],"terms":[216],"patch":[218,220],"coverage,":[219],"proximity,":[221],"time,":[224],"time-to-exposure":[226],"bugs.":[228]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}