Many software developers, legitimate security researchers and cybercriminals now use fuzzing -- a technique that bombards a running program's inputs with invalid, unexpected, or random data -- to test the robustness of its code. If the fuzz data causes the program to fail, crash, lock up, consume memory or produce uncontrolled errors in response to this pa-rameter manipulation, the developer or researcher knows that there is a flaw somewhere within the code. This is why fuzzers are often termed fault injectors, while fuzzing is also referred to as robustness testing or negative testing. The original fuzzer, Fuzz, was developed at the University of Wisconsin Madison in 1989 by Professor Barton Miller and his students.Microsoft uncovered more than 1,800 bugs in Office 2010 by running millions of fuzzing tests using not only machines in the company's labs, but also idle PCs throughout the company. Previous fuzz tests had involved a tester setting up a fuzzer on a single machine and then letting it run for as long as a week. I doubt that your applications are as large or as complex as Microsoft Office, but fuzzing can certainly play a role in your secure software development lifecycle.

**Hidden Content: Check the thread to see hidden data.**