Multiple techniques and tools, including static analysis and testing, should be used for software assurance. Fuzz testing is one such technique that can be effective for finding security vulnerabilities. In contrast with traditional testing, fuzz testing only monitors the program for crashes or other undesirable behavior. This makes it feasible to run a very large number of test cases. This article describes fuzz testing, its strengths and limitations, and an example of its application for detecting the Heartbleed bug.
Rockrohr, J. D. (2008). Test and Diagnostics. In High Speed Serdes Devices and Applications (pp. 297–344). Springer US. https://doi.org/10.1007/978-0-387-79834-9_7