2025-10-24 –, Talk 2
Many a presenter, including myself, has talked about fuzzing. Usually, we touch on a small amount of theory and then show off what a cool tool we built or what a difficult target we fuzzed. Instead this talk will focus on fuzzing history. Where did we start? How did we get here? What were the turning points along the way? For each major development, we'll cover a motivating example, the theory behind a solution, and a tiny implementation until we arrive at the modern day.
This presentation is for both people who are interested in fuzzing as a security method and practitioners who do it on a daily basis. Because I'll be starting at the beginning, attendees won't need any previous fuzzing knowledge or experience, but some knowledge of common software defects like memory corruption and some knowledge of general testing practice will help contextualize the topic.
Rowan is a Senior Security Engineer at Microsoft and previously worked at Intel as a fuzzing researcher. He also dabbles in security tooling as a hobbyist and as a writer. When not at the computer, you can find him at the skate park, on Mt. Hood, or on the rock wall.