University of Minnesota
Program Analysis for Security

Test generation

Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, and Thomas Ball. “Feedback-directed random test generation”. In International Conference on Software Engineering (ICSE), pages 75–84, Minneapolis, MN, USA, May 2007.

Vijay Ganesh, Tim Leek, and Martin C. Rinard. “Taint-based directed whitebox fuzzing”. In International Conference on Software Engineering (ICSE), pages 474–484, Vancouver, BC, Canada, May 2009.

Question: The Pacheco et al. Randoop paper (first reading) is somewhat atypical among the papers I've picked for this course in that it doesn't explicitly mention a security application. However, you can probably guess that I think this technique could be used for generating tests related to security. Outline a specific security application of this technology that you think would work well: i.e., give a class of subject programs and a class of security problems that tests generated with this approach would help reveal.

Historic

Barton P. Miller, Lars Fredriksen, and Bryan So. “An empirical study of the reliability of UNIX utilities”. Communications of the ACM, 33(12):32–44, 1990.

The original meaning of "fuzz testing" was to supply completely random binary data to programs, which at the time was already effective at revealing bugs. The term was later reused for the related approach of making random modifications to realistic benign inputs.