>> Yes, I, I, I think your, your intuition is absolutely correct.
I mean this is intuition at the end because it's still, we're still trying to
figure out what's the really fine print of what is, what technique is good at.
And where there are threshold, what kinds of bugs, etc.
But yes, in the end I think they are still very much complementary.
I would love to be able to claim that SAGE finds basically everything that
other fuzzers have, can find.
And, in some cases of it we've done some experiments, etc.
But in general also the product teams they don't want to
put all their eggs in the same basket, and so they going to.
Also, if a, a, a, a hacker is going to use a blackbox fuzzer, you want to,
you want to also use blackbox fuzzer.
Because that's what they would find, basically.
And in practice, also.
So when we run fuzzing, like in large organization like Windows.
We don't run, fuzzers don't run exactly on the same code, as well.
Which make comparison difficult.
So, for instance, you ca, you might, first, as a small, first kind of test,
ran some like, default like, like for instance blackbox fuzzing.
And because it's offline fuzzing, it's easier, you can,
it's easier to kind of test it on like, unstable build, and things like that.
And later on you can go to the more sophisticated tool that needs to
run perhaps for a longer period of time, or, or, and things like that.
So it's, it's very much a mixture in, in the end.
But yes, and, and so, absolutely programmer-based fuzzing for
instance, especially for like very sophisticated languages.
I mean, you cou, it, it,
having a grammar, good grammar give you a heck of a head start.
Basically to understand what the format is about and
how to drive the execution of a program.
So in fuzzing, in general, we always use seed files, so
well-formed inputs that give us also a head start, right?
So you can also have a combination, where you use grammer based fuzzer.
You generate the 1,000 seeds, cover the grammar well.
And then you use that as this suite basically for whitebox fuzzing.
So, we use, we use this kind of techniques as well.
I mean, using seed files is also a common practice in the fuzzing world, but
we also use this whitebox fuzzing.
And so, we also to refresh the seeds, or, and
how to kind of, try to have more diversity in suite.
Also, and their grammer based fuzzing can be useful for that.
So. >> I'm wondering as as you talk about
the different tools.
And the history that Microsoft has had with using these different tools.
And also the history of automated analysis.
Having started with with Prefix, maybe in the late 90s.
And it become into more common use.
sort of what the story was.
From your point of view you're, you're, you come into the research division of
Microsoft and you just start to develop this technology.
And then you you know, what was the step that went from a tool,
a prototype that you were developing.
To getting to the point that now it's being run on, you know, like you said,
Office and Microsoft products that are used all over the world.
>> Right. >> I imagine that that story of,
of getting it adopted is going to mirror at least a little bit of story.
That maybe people taking the class that they try to get tools used at
their companies.
You know, maybe, what they're certain road blocks or what-not that you encounter,
that maybe they would encounter as well?