As you've read through this book, you've no doubt seen the powerful nature of fuzzers. Many software vendors are beginning to realize that fuzzing can be a very fruitful method of detecting vulnerabilities prior to releasing products to customers. For those vendors for whom this is not obvious, it should become so very quickly as external security researchers, corporations evaluating software packages, and those with malicious intent begin using fuzzers on their software.

While fuzzers are a very effective mechanism for finding bugs quickly and reducing testing costs, it's also important to note that running fuzzers in the absence of a broader security policy will not give you a complete security story. Fuzzers are very good at finding certain types of vulnerabilities, while others are better left to tasks such as threat modeling or penetration testing.

As you begin to integrate fuzzing into your software development lifecycle, keep in mind that any plans should be organic. The best fuzzers are those that are updated to better facilitate the testing of your applications. As new attacks are found by security researchers and new techniques are found for detecting bugs, update your fuzzer periodically to keep the testing fresh.