DEV.co
Open-Source Testing · wcventure

FuzzingPaper

FuzzingPaper is a curated repository collecting recent academic papers on fuzzing research, organized by publication venue and year. It serves as a reference hub for developers and researchers interested in fuzzing techniques, coverage-guided testing, and vulnerability discovery across multiple domains (kernels, compilers, web apps, IoT, blockchain).

Source: GitHub — github.com/wcventure/FuzzingPaper
2.8k
GitHub stars
370
Forks
Unknown
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorywcventure/FuzzingPaper
Ownerwcventure
Primary languageUnknown
LicenseMIT — OSI-approved
Stars2.8k
Forks370
Open issues0
Latest releaseUnknown
Last updated2026-03-19
Sourcehttps://github.com/wcventure/FuzzingPaper

What FuzzingPaper is

A documentation/curation project (not a tool) that aggregates peer-reviewed fuzzing research from top-tier venues (CCS, SP, ASIACCS, ISSTA, FSE) spanning 2024–2025. Papers cover directed greybox fuzzing, LLM-assisted fuzzing, differential testing, binary analysis, protocol fuzzing, and domain-specific approaches (firmware, WebAssembly, 5G RAN, smart contracts).

Quickstart

Get the FuzzingPaper source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/wcventure/FuzzingPaper.gitcd FuzzingPaper# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Research & Literature Review

Ideal for security researchers, graduate students, and academics seeking a comprehensive snapshot of recent fuzzing advances and trends without manually browsing conference proceedings.

Fuzzing Tool Evaluation & Selection

Helps engineering teams survey state-of-the-art fuzzing methodologies and tools referenced in recent publications to inform tool adoption for specific domains (kernel, browser, firmware).

Security Team Benchmarking

Provides a curated reference of published fuzzing techniques and case studies for security teams designing vulnerability detection pipelines or comparing fuzzing strategies against peer implementations.

Implementation considerations

  • This is a curation/reference resource, not deployable software. Integration is reading/browsing papers or programmatically parsing the markdown/JSON for literature automation.
  • Paper links are external (ACM Digital Library, arXiv, IEEE). Accessing paywalled venues may require institutional subscription or author preprints.
  • Organization is by publication venue and year; no taxonomy by problem domain, tool, or technique maturity. Manual navigation or secondary classification needed for targeted searches.
  • No API, structured metadata, or machine-readable format provided beyond markdown. Automated ingestion would require custom parsing or external citation tools.
  • Accuracy and completeness depend on community contribution; no automated validation of paper links, metadata, or relevance. Stale or broken links possible over time.

When to avoid it — and what to weigh

  • Need a Runnable Fuzzing Tool — FuzzingPaper is a paper collection only; it does not provide executable code, frameworks, or libraries. Use it for research insight, not direct vulnerability scanning.
  • Require Production-Ready Implementations — This repository is not a software library or tool distribution. Papers describe techniques; actual implementations must be sourced from respective authors or dedicated fuzzing projects (libFuzzer, AFL, Syzkaller, etc.).
  • Need Long-Term Maintenance & Support — Contribution-driven curation with no explicit SLA or support model. Updates depend on community PRs and maintainer availability; not suitable for compliance-critical documentation requirements.
  • Seeking Hands-On Tutorials or Deployment Guides — Focused on academic paper links and metadata; lacks implementation tutorials, installation guides, or deployment walkthroughs. Expect to consult original papers and external tool repos.

License & commercial use

MIT License (Massachusetts Institute of Technology License). Permissive OSI-approved license allowing unrestricted use, modification, and distribution for any purpose, provided original copyright and license notice are retained.

MIT License permits commercial use without restriction or royalty. No license barrier to commercial distribution, derivative works, or incorporation into commercial products. However, verify that external paper links (ACM, IEEE, arXiv) respect academic copyright and access terms independently.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Not applicable. FuzzingPaper is a metadata/paper collection, not executable code or a service. No authentication, cryptography, or injection surfaces. GitHub repository access follows standard public repository security. However, users should verify the integrity and authenticity of external paper links (ACM, arXiv) before trusting research results or adopting techniques in production systems.

Alternatives to consider

ACM Digital Library / IEEE Xplore (Direct Search)

Provides authoritative, indexed access to all papers with advanced filtering by conference, year, keyword. Better for complex queries but requires subscriptions; no curation benefit.

arXiv (cs.CR / cs.SE Categories)

Free preprints of many published papers with RSS feeds and search. Good for researchers but lacks domain-specific grouping by fuzzing venue or methodology.

Fuzzing Tools Repositories (libFuzzer, AFL, Syzkaller, etc.)

If seeking executable fuzzing implementations rather than research references. These provide runnable code, benchmarks, and community support for practical fuzzing deployment.

Software development agency

Build on FuzzingPaper with DEV.co software developers

Use FuzzingPaper to evaluate state-of-the-art fuzzing techniques. Our team can help you implement custom fuzzing strategies, select tools for your domain, and integrate vulnerability detection into your CI/CD. Contact us for a security engineering consultation.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

FuzzingPaper FAQ

Can I use papers from this repo in my security audit or vulnerability program?
FuzzingPaper is a reference collection only. To apply techniques, consult the original papers, implement from academic descriptions, or use published tools (AFL, libFuzzer, etc.) that operationalize the research. Verify copyright and access rights for each paper independently.
Is there a structured API to query papers by domain, technique, or tool?
No API is provided. Papers are organized as markdown grouped by venue/year. Custom parsing or secondary indexing (e.g., via citation managers or custom scripts) is needed for programmatic access or domain-specific queries.
How current is this collection? Are 2025 papers included?
Yes. The repository includes papers through early 2025 (ASIACCS 2025, SP 2025, CCS 2024, ISSTA 2024, FSE 2024, etc.). Updates are community-driven via pull requests. Completeness depends on contributor vigilance.
Can I deploy or run this as a tool or service?
No. FuzzingPaper is a static documentation/curation project, not executable software. Clone it for offline reference or integrate links into your research workflow, but expect no runtime behavior or production tooling.

Software developers & web developers for hire

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If FuzzingPaper is part of your open-source testing roadmap, our team can implement, customize, migrate, and maintain it.

Build Smarter Fuzzing into Your Security Pipeline

Use FuzzingPaper to evaluate state-of-the-art fuzzing techniques. Our team can help you implement custom fuzzing strategies, select tools for your domain, and integrate vulnerability detection into your CI/CD. Contact us for a security engineering consultation.