A surprising (for me) opinion I heard at #usesec23 Usenix Security 2023; You can claim CVEs in your fuzzer paper so long as you found them during your research in developing the concerned fuzzer. In particular, there is no expectation of reproducibility of such CVEs specifically using the fuzzer in the paper. I note that CVEs are still considered a sort of real world touchstone for fuzzers by many reviewers. I wonder what the consensus of the community is about this.