Rahul Gopinath

A surprising (for me) opinion I heard at #usesec23 Usenix Security 2023; You can claim CVEs in your fuzzer paper so long as you found them during your research in developing the concerned fuzzer. In particular, there is no expectation of reproducibility of such CVEs specifically using the fuzzer in the paper. I note that CVEs are still considered a sort of real world touchstone for fuzzers by many reviewers. I wonder what the consensus of the community is about this.

Rahul Gopinath

Fuzzing is the primary tool for identifying vulnerabilities in applications. With a plethora of fuzzers available today, each boasting its unique exploration strategy, how do you determine which one aligns with your application? Especially considering that fuzzing is computationally expensive, making the right choice is crucial.


In our paper presented at Usenix Security 2023 (#usenix2023 #usenix), featured in Thursday's Track 6, we delve into this challenge. We demonstrate how mutation analysis, traditionally regarded as the gold standard for test suite evaluation, can be effectively applied to assess fuzzers. Moreover, we provide insights on mitigating the computational demands of mutation analysis through the smart evaluation of mutants. https://rahul.gopinath.org/publications/2023/04/26/systematic/

Rahul Gopinath

We ( @ccanonne@mastodon.xyz and I) are organizing the High School Fellowship 2023 from School of Computer Science, University of Sydney. Saturday was our first welcome event, attended by 50 high school students of high caliber and their parents.

Looking forward to the rest of the semester #usyd

Rahul Gopinath

Halp! My 6 year old is learning geometric shapes, and wants to know how to construct a _Left Angle Triangle_.

Rahul Gopinath

I want to setup a server where I can review and discuss software engineering and cybersecurity papers and tools with like minded folks. I am looking at https://bookwyrm.social as a potential candidate. Is there something like this already available?

Rahul GopinathSIGSOFT

The third issue of the 48th volume of Software Engineering Notes (SEN) is out.

dl.acm.org/toc/sigsoft/2023/48

This issue keeps posting on our established columns, like Peter Neumann’s Risks to the Public, Alex Groce’s Passages, and Bob Schaefer’s Academic Freedom and International Students, along with additional contributions.

SEN is edited by Jacopo Soldani

Rahul Gopinath

I feel like I am missing something very basic in Mac Ventura. Why am I unable to sort my files alphabetically? I have tried every option there is as suggested by google and stackoverflow answers, and I certainly am not using groups. #macos #userhostile

image.png 226.05 KB
Rahul Gopinath

The fediverse observer (https://fediverse.observer/map) is a map of all fediverse instances in the world.

https://fediverse.observer/map
Rahul Gopinath

I really wish #Zotero, and several other programs will just let me type in #markdown, and not automatically format the text. I do not want the particular changes in font and color with auto-formating that these programs provide, and I am really happy with plaintext and unadorned markdown. To make matters worse, when I copy these formatted text elsewhere, the original markdown is completely stripped.

Rahul GopinathAndreas Zeller

How to create the nastiest test inputs ever: My ten-minute #NeverWorkInTheory talk on automated software testing is now available at youtube.com/watch?v=GCy8bYJ_G0