Assurances in software testing: a roadmap

Marcel Bohme

doi:10.1109/ICSE-NIER.2019.00010

Assurances in software testing: a roadmap

Marcel Bohme

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

7 Citations (Scopus)

Abstract

As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a fuzzing campaign provide that exposes no bugs? When is it safe to stop the fuzzer with a reasonable residual risk? How much longer should the fuzzer be run to achieve sufficient coverage? It is time for us to move beyond the innovation of increasingly sophisticated testing techniques, to build a body of knowledge around the explication and quantification of the testing process, and to develop sound methodologies to estimate and extrapolate these quantities with measurable accuracy. In our vision of the future practitioners leverage a rich statistical toolset to assess residual risk, to obtain statistical guarantees, and to analyze the cost-benefit trade-off for ongoing fuzzing campaigns. We propose a general framework as a first starting point to tackle this fundamental challenge and discuss a large number of concrete opportunities for future research.

Original language	English
Title of host publication	Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering
Subtitle of host publication	New Ideas and Emerging Results, ICSE-NIER 2019
Editors	Anita Sarma, Leonarado Murta
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	5-8
Number of pages	4
ISBN (Electronic)	9781728117584
ISBN (Print)	9781728117591
DOIs	https://doi.org/10.1109/ICSE-NIER.2019.00010
Publication status	Published - 2019
Event	International Conference on Software Engineering 2019: New Ideas and Emerging Results - Fairmont The Queen Elizabeth Hotel, Montreal, Canada Duration: 25 May 2019 → 31 May 2019 Conference number: 41st https://ieeexplore.ieee.org/xpl/conhome/8790673/proceeding (Proceedings)

Conference

Conference	International Conference on Software Engineering 2019
Abbreviated title	ICSE-NIER 2019
Country/Territory	Canada
City	Montreal
Period	25/05/19 → 31/05/19
Other	Track within the International Conference on Software Engineering
Internet address	https://ieeexplore.ieee.org/xpl/conhome/8790673/proceeding (Proceedings)

Keywords

Cost benefit tradeoff
Guarantees
Residual risk
Statistics

Access to Document

10.1109/ICSE-NIER.2019.00010

Cite this

@inproceedings{fdab9b26a63f4eaab550174bb9d5a2c1,

title = "Assurances in software testing: a roadmap",

abstract = "As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a fuzzing campaign provide that exposes no bugs? When is it safe to stop the fuzzer with a reasonable residual risk? How much longer should the fuzzer be run to achieve sufficient coverage? It is time for us to move beyond the innovation of increasingly sophisticated testing techniques, to build a body of knowledge around the explication and quantification of the testing process, and to develop sound methodologies to estimate and extrapolate these quantities with measurable accuracy. In our vision of the future practitioners leverage a rich statistical toolset to assess residual risk, to obtain statistical guarantees, and to analyze the cost-benefit trade-off for ongoing fuzzing campaigns. We propose a general framework as a first starting point to tackle this fundamental challenge and discuss a large number of concrete opportunities for future research.",

keywords = "Cost benefit tradeoff, Guarantees, Residual risk, Statistics",

author = "Marcel Bohme",

year = "2019",

doi = "10.1109/ICSE-NIER.2019.00010",

language = "English",

isbn = "9781728117591",

pages = "5--8",

editor = "Anita Sarma and Leonarado Murta",

booktitle = "Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "International Conference on Software Engineering 2019 : New Ideas and Emerging Results, ICSE-NIER 2019 ; Conference date: 25-05-2019 Through 31-05-2019",

url = "https://ieeexplore.ieee.org/xpl/conhome/8790673/proceeding",

}

Bohme, M 2019, Assurances in software testing: a roadmap. in A Sarma & L Murta (eds), Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019., 8805701, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 5-8, International Conference on Software Engineering 2019, Montreal, Quebec, Canada, 25/05/19. https://doi.org/10.1109/ICSE-NIER.2019.00010

Assurances in software testing : a roadmap. / Bohme, Marcel.

Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019. ed. / Anita Sarma; Leonarado Murta. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2019. p. 5-8 8805701.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Assurances in software testing

T2 - International Conference on Software Engineering 2019

AU - Bohme, Marcel

N1 - Conference code: 41st

PY - 2019

Y1 - 2019

N2 - As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a fuzzing campaign provide that exposes no bugs? When is it safe to stop the fuzzer with a reasonable residual risk? How much longer should the fuzzer be run to achieve sufficient coverage? It is time for us to move beyond the innovation of increasingly sophisticated testing techniques, to build a body of knowledge around the explication and quantification of the testing process, and to develop sound methodologies to estimate and extrapolate these quantities with measurable accuracy. In our vision of the future practitioners leverage a rich statistical toolset to assess residual risk, to obtain statistical guarantees, and to analyze the cost-benefit trade-off for ongoing fuzzing campaigns. We propose a general framework as a first starting point to tackle this fundamental challenge and discuss a large number of concrete opportunities for future research.

AB - As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a fuzzing campaign provide that exposes no bugs? When is it safe to stop the fuzzer with a reasonable residual risk? How much longer should the fuzzer be run to achieve sufficient coverage? It is time for us to move beyond the innovation of increasingly sophisticated testing techniques, to build a body of knowledge around the explication and quantification of the testing process, and to develop sound methodologies to estimate and extrapolate these quantities with measurable accuracy. In our vision of the future practitioners leverage a rich statistical toolset to assess residual risk, to obtain statistical guarantees, and to analyze the cost-benefit trade-off for ongoing fuzzing campaigns. We propose a general framework as a first starting point to tackle this fundamental challenge and discuss a large number of concrete opportunities for future research.

KW - Cost benefit tradeoff

KW - Guarantees

KW - Residual risk

KW - Statistics

UR - http://www.scopus.com/inward/record.url?scp=85071955508&partnerID=8YFLogxK

U2 - 10.1109/ICSE-NIER.2019.00010

DO - 10.1109/ICSE-NIER.2019.00010

M3 - Conference Paper

SN - 9781728117591

SP - 5

EP - 8

BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering

A2 - Sarma, Anita

A2 - Murta, Leonarado

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

Y2 - 25 May 2019 through 31 May 2019

ER -

Assurances in software testing: a roadmap

Abstract

Conference

Keywords

Access to Document

Other files and links

Fortifying Our Digital Economy: Advanced Automated Vulnerability Discovery

Cite this

Assurances in software testing: a roadmap

Abstract

Conference

Keywords

Access to Document

Other files and links

Projects

Fortifying Our Digital Economy: Advanced Automated Vulnerability Discovery

Cite this