Technical Paper
Processing Fuzz Testing Results into an Evidence Report
2023-04-11
2023-01-0039
In recent years, fuzz testing has established itself as a reliable and indispensable testing method for finding previously unknown and product specific vulnerabilities within the code base of automotive systems. As such, we see increased requirements for automotive products that call for fuzz testing per default. Based on the semidecidable characteristic for finding fuzz testing results, i.e., virtually an infinite test space, it is a non-trivial task to generate plausible evidence that sufficient fuzz testing has been applied to the target system. In this paper, starting from fuzz test result generation, we specify the individual steps necessary for preparing a sound evidence report. We describe how evidence is created in this context and which information is relevant. The traceability of fuzz testing product requirements is a driving factor thereby.