2024
Fuzzing for Stability: Uncovering and Mitigating Helm's CVEs
A talk that uses Helm as a case study to show how fuzzing finds real vulnerabilities, how those bugs propagate across the cloud-native ecosystem, and how Go's coverage-guided fuzzer works under the hood.
It covers the original bugs, downstream impact, live demos, practical ways to apply fuzzing, and a deeper dive into static single assignment (SSA) form, control-flow graphs (CFGs), and performance improvements to the Go fuzzer itself.
Presented at KubeCon + CloudNativeCon India 2024. Rerun at KCD Helsinki 2025.