Vranken: The OpenVPN post-audit bug bonanza

Guido Vranken describeshis efforts to fuzz-test OpenVPN and the bug reports that resulted."Most of this issues were found through fuzzing. I hate admitting it,but my chops in the arcane art of reviewing code manually, acquired throughgrueling practice, are dwarfed by the fuzzer in one fell swoop; themortal's mind can only retain and comprehend so much information at a time,and for programs that perform long cycles of complex, deeply nestedoperations it is simply not feasible to expect a human to perform anencompassing and reliable verification."