The Intermediary Imperative in Security Tools
[essay]
Abstract
A recent fintech lecture revealed that complex tech, like crypto, requires expert intermediaries to abstract risk from non-expert users. Software security faces a similar adoption crisis, as the “shift left” movement burdens developers with the raw complexity of fuzzing tools. Hence fuzzing research must evolve from building powerful tools to creating autonomous, integrated solutions that make fuzzing accessible.
Body
A recent lecture by a crypto infrastructure firm’s CEO illustrated that complex, raw systems are unusable without expert intermediaries. The speaker noted that Bitcoin, despite its decentralized philosophy, requires intermediaries like BlackRock and his company, Wavebridge, for institutional adoption. These firms are necessary because they manage intractable risks, such as technical and regulatory burdens, that non-experts will not accept.
This principle of abstracting complexity is just as critical in software security. The “shift left” movement in software security pushes raw complexity onto non-expert developers. Many new fuzzing tools show success on benchmarks like MAGMA, but are difficult to apply to new programs. A lack of automation for tasks like defining target locations or corpora burdens developers with complex setup. This demand on non-experts is the primary barrier to adoption.
Our research must deliver this same expert abstraction by building integrated solutions that automate the entire fuzzing lifecycle. These systems would automate everything from setup and target selection to root cause analysis, acting as the intermediary non-experts lack. This approach would democratize fuzzing, allowing far more developers to contribute to security. Embedding this automated expertise into our tools will help build a significantly safer software ecosystem.