These are user-focused values for OneFuzz going forward, listed in priority order. It is better to sacrifice a value later in the list to achieve a higher-priority one.
- Debuggability. Enable the user to inspect, understand, and address their entire fuzzing workflow.
- Composability. Enable the user to create a workflow that combines multiple parts into a more complicated part.
- Extensibility. Enable the user to extend the fuzzing infrastructure to meet their needs without requiring our assistance.
- Fuzzing Engine Performance. Enable the fastest bug finding capabilities to be deployed.
- Security. Users' software, data, and results should be protected from adversaries.
- Approachability. Users should be able to onboard new software to be fuzzed into their CI/CD pipeline easily.
All things being equal, these values, while nice to have, are of significantly less importance than those previously discussed.
- High-Availability. While an important component for the SDL of any project, fuzzing is not a business-critical task.
- Thoroughness. Not every use case needs to be covered from the outset of OneFuzz.
- Rely directly on Azure services and infrastructure as much as possible.
- Reduce our software install burden on fuzzing nodes.
- Support a large number of OS distributions & versions.