Events

Fuzz testing has passed its 35 th birthday and, in that time, has gone from a disparaged and mocked technique to one that is the foundation of many efforts in software engineering and testing. The key idea behind fuzz testing is using random input and having an extremely simple test oracle that only looks for crashes or hangs in the program. Importantly, in all our studies, all our tools, test data, and results were made public so that others could reproduce the work. In addition, we located the cause of each failure that we caused and identified the common causes of such failures. In the last several years, there has been a huge amount of progress and new developments in fuzz testing. Hundreds of papers have been published on the subject and dozens of PhD dissertations have been produced. In this talk, I will review the progress over the last 35 years describing our simple approach – using what is now called black box generational testing – and show how it is still relevant and effective today. In 1990, we published the results of a study of the reliability of standard UNIX application/utility programs. This study showed that by using simple (almost simplistic) random testing techniques, we could crash or hang 25-33% of these utility programs. In 1995, we repeated and significantly extended this study using the same basic techniques: subjecting programs to random input streams. This study also included X-Window applications and servers. A distressingly large number of UNIX applications still crashed with our tests. X-window applications were at least as unreliable as command-line applications. The commercial versions of UNIX fared slightly better than in 1990, but the biggest surprise was that Linux and GNU applications were significantly more reliable than the commercial versions. In 2000, we took another stab at random testing, this time testing applications running on Microsoft Windows. Given valid random mouse and keyboard input streams, we could crash or hang 45% (NT) to 64% (Win2K) of these applications. In 2006, we continued the study, looking at both command-line and GUI-based applications on the relatively new Mac OS X operating system. While the command-line tests had a reasonable 7% failure rate, the GUI-based applications, from a variety of vendors, had a distressing 73% failure rate. Recently, we decided to revisit our basic techniques on commonly used UNIX systems. We were interested to see that these techniques were still effective and useful. In this talk, I will discuss our testing techniques and then present the various test results in more detail. These results include, in many cases, identification of the bugs and the coding practices that caused the bugs. In several cases, these bugs introduced issues relating to system security. The talk will conclude with some philosophical musings on the current state of software development. Papers on the four studies (1990, 1995, 2000, 2006, and 2020), the software and the bug reports can be found at the UW fuzz home page: http://www.cs.wisc.edu/~bart/fuzz/ About the Speaker: Barton Miller is the Vilas Distinguished Achievement Professor at UW-Madison Miller is a co-PI on the Trusted CI NSF Cybersecurity Center of Excellence, where he leads the software assurance effort. His research interests include software security, in-depth vulnerability assessment, binary and malicious code analysis and instrumentation, extreme scale systems, and parallel and distributed program measurement and debugging. In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his then­student Prof. Jeffrey Hollingsworth) founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation”. Miller is a Fellow of the ACM and recently won the Jean Claude Laprie Award in dependable computing for his work on fuzz testing. Miller was a member of the FAA VECTOR Task Force reviewing cybersecurity of the U.S. aviation infrastructure. He was the chair of the Institute for Defense Analysis Center for Computing Sciences Program Review Committee, member of the U.S. National Nuclear Safety Administration Los Alamos and Lawrence Livermore National Labs Cyber Security Review Committee (POFMR), member of the Los Alamos National Laboratory Computing, Communications and Networking Division Review Committee, has been on the U.S. Secret Service Electronic Crimes Task Force (Chicago Area) is currently an advisor to the Wisconsin National Guard 176 th Cyber Prevention Team and the Wisconsin Security Research Consortium. Room: 302, Bldg: Madison Central Library, 201 West Mifflin Street, Madison, Wisconsin, United States, 53703, Virtual: https://events.vtools.ieee.org/m/558704

Please join us for the Missouri Slope IEEE annual Picnic at the New Generation Park Far West Rotary Community Center on June 9th from 5:00-7:30 PM. IEEE will be providing dinner and dessert, as well as non-alcoholic and alcoholic beverages. Please RSVP and tell the number of people attending by June 9th for an accurate headcount for the catering and drinks. 1021 Mustang Drive, Bismarck, North Dakota, United States, 58503

IEEE Toledo is gathering at Earnest Brew Works at 4342 S. Detroit Ave, Toledo, Ohio (at intersection of S.Bryne and S.Detroit) on Thursday, June 11th from 5-7pm. Join us there and enjoy a social beverage or two. Earnest Brew has a food truck that you can buy a meal from. Look for the tables with the IEEE printouts and me in a black IEEE T-shirt. Drop in any time from 5 until 7. Note that this is an informal event and IEEE will not be providing food or drinks. No registration is needed. We are looking for ways to meet up with fellow members! If these events are popular, we hope to have more similar activities in the future. Please reach out to us [email protected] with any questions or suggestions. Location: https://www.earnestbrewworks.com/south-toledo/ IEEE Toledo Site: https://r4.ieee.org/toledo/ LinkedIn: https://www.linkedin.com/company/ieee-toledo-section/ Facebook: https://www.facebook.com/ieeetoledo/ 4342 S. Detroit Ave, Toledo, Ohio, Toledo, Ohio, United States, 43614

Join us on the 67th floor of Willis Tower at The Metropolitan Club for an evening of networking, conversation, and modern business insight as MET Tech Club presents AI After Hours: Working Smarter with GenAI. The night begins with a social networking hour featuring a live DJ, light bites, cocktails, and skyline views before transitioning into an informative panel session hosted by Member Patrick Flanagan, AI Specialist at Salesforce. Together, we’ll explore how professionals across industries are leveraging GenAI to streamline workflows, increase productivity, and rethink the way they work. Designed for curious professionals, innovators, and forward-thinking leaders, this event offers a practical and approachable look at the growing role of AI in modern business—paired with an elevated social atmosphere and sweeping views of the Chicago skyline. Light bites provided with a cash bar available for purchase. The Metropolitan Club is a business casual environment, business casual attire is required to attend, no jeans or t-shirts or running shoes allowed. Please also bring a photo ID with you like driver's license for registration at the front desk. More details and registration at: https://events.humanitix.com/ai-after-hours-working-smarter-with-genai Please register before June 9 so we can add you into the security registration desk. Co-sponsored by: The Metropolitan Club Technology Club Room: 67th floor, Bldg: The Metropolitan Club, 233 S Wacker Drive, Chicago, Illinois, United States

The IEEE Southeastern Michigan Section Monthly ExCom (Executive Committee) Meeting (every 2nd Thursday of the month) same time 6:30 PM EST/EDT (This is an IN PERSON/Hybrid meeting, unless stated otherwise). We will discuss Section mission objectives, guidance, direction, as well as all the chapter/affinity groups/student branches and section committee reports, events, plans, opportunities to assist each other and help create value for our members. All IEEE members are welcome to attend, but they do need to register in order to receive the webex details. NOTE: All Chapter/Affinity Groups/Student Branch Chairs are required to update and inform all attendees of their past/current activities and plans for the year. A standard template is provided - which every member can view. If the chairs cannot attend, they are required to nominate one of their current chapter/affinity group/student branch officers to attend on their behalf. https://drive.google.com/drive/folders/1mrCOzBVIofTLZ4Z5eovGza4VN6amLgz1?usp=sharing Co-sponsored by: Sharan Kalwani Speaker(s): Christopher Johnson, Sharan Kalwani Agenda: Published on google drive - link sent each month via email to ALL the chapter/Affinity Group/Student Branch/Committee chairs. Ensure you are listed on the ExCom listserv as well (contact [email protected] in case of doubt) https://drive.google.com/drive/folders/1mrCOzBVIofTLZ4Z5eovGza4VN6amLgz1?usp=sharing Room: 450, Bldg: Engineering Society of Detroit, 20700 Civic Center Drive, Southfield, Michigan, United States, 48076, Virtual: https://events.vtools.ieee.org/m/525079