I already employ OSS fuzzing, what does a commercial solution like Mayhem have to offer?
Mayhem offers several benefits above that which OSS fuzzers provide:
- Speed. Offload your fuzzing to the Mayhem platform, and configure it with as many cores as you want, to get fast, multi-threaded fuzzing.
- Intelligence. Mayhem uses a proprietary implementation of symbolic execution to look deeply into a program and discover newer, deeper paths faster than other fuzzers.
- Triage. Mayhem keeps track of defects and crashes, stores their backtraces, and associates them with relevant CWEs to faciliate better defect management within an organization.
- Compatibility. If you are already fuzzing with an open source fuzzing tool such as Honggfuzz, libFuzzer or AFL, we support it! Mayhem can help you drive the testing of these targets asynchronously without modification to the target.
- Regression testing. Mayhem has built in regression testing that allows you to ensure no regressions are introduced in a particular release within a matter of minutes.