To Fuzz or Not to Fuzz: The Quest for Practical Meaning to Fuzzing in Global Certifications (B31c)
Protocol robustness is vital, but do certification mandates effectively thwart real-world exploits? This talk evaluates the technical divergence between NIAP’s optional NDcPP fuzz testing activity, India’s exhaustive NCCS ITSAR fuzzing mandates, and IEC 62443’s CRT (Communication Robustness Testing). Utilizing case studies such as the Ripple20 vulnerabilities, it analyzes whether prescriptive, “blind” fuzzing provides a practical defense or if global schemes must pivot toward targeted, coverage-guided vulnerability analysis to address the sophisticated threat landscape.
