Who needs fuzzing and how to use it
Problem Statement
Before we introduce fuzzing, we want to understand the following:
- Who are our target users? All security companies? Big ones only?
- For those who know what fuzzing is, what features do they need? Do they want to tie it to CI/CD?
- For those who have used fuzzing, what do they like about fuzzing, and what don't they like about it?
- For those who don't know what fuzzing is, what level of guidance do they need to use fuzzing?
Reach
At this point, we believe that the reach is around 3.0, but could be higher as fuzzing becomes more accessible and available within the pipeline.
Impact
We believe that this will initially have an impact of around 1.0, but will grow as more customers become comfortable with the idea of fuzzing.
Confidence
We are 100% sure that easily fuzzing applications and APIs is a problem; however, we do not know exactly how our customers want to use fuzzing within GitLab.
Effort
The effort is currently unknown.
Edited by Derek Ferguson