## Background - Pre-requisites - Regex pattern fuzzing (see below) - Regex parser comes first - Then fuzzer later - First steps - Basic tree-walker algorithm of schemas (Metaschema modules) - Second steps - Metaschema and "Metaschema's schema" - Building a fuzzer that fuzzes the Metaschema schema - Find a way to encode model representations - Perhaps bias different structures over others - Equivalence classes - Any field or flag with a string type with no additional string is just a generic string, can test it as such ## Goals - Start simple, scale up - Black-box first, white box earlier/later if we can ## Level of Effort - The hard: pre-requisite or separate - Verdict: keep it separate - Fuzzing the data type patterns of different fields and flags - The hard parts - Black-box approach - Scenario definition for the different scenarios - The harder parts - "Whitebox approach" -> see the implementation and look at it - Actually reversing the implementation