Open Source Fuzzing Tools

Fuzzers are a very effective method for finding bugs in software that relies heavily on parsers. The more complex the parsers, the more likely fuzzers will find many issues.

Doing manual security testing is extremely time-consuming. Fuzzers can help in offloading much of that process and provide better coverage for certain types of testing.

If your software is widely deployed, individuals external to your organization will be running fuzzers against your software. It's that simple. Do you want to be publicly embarrassed, or would you rather find these flaws in-house before you have to deal with hotfix or patching nightmares?

It is understood that the cost of fixing a bug once a product has already been released increases substantially. The last thing you want to deal with is 50 vulnerabilities in your software reported externally because someone ran a fuzzer over your file format. You'll have customers demanding patches right now, and some making the decision to switch from your software to a competitor's.

Integrating fuzzing into your software development lifecycle because it's a popular technique is not a good idea. It needs to be carefully considered based on the technologies and languages you are using, and be part of a formalized security process. Simply running fuzzers on your software will not produce...