Fuzzing the mbed TLS Library
During my time at Gotham Digital Science (GDS), I worked on a self-communicating mbed TLS client-server combination to allow for predictable fuzzing using Michal Zalewski's amazing afl-fuzz. Details of the effort are published on the GDS blog. Fuzzing revealed several client-side NULL pointer dereference bugs in mbed TLS (formerly known as PolarSSL) which the team at ARM promptly fixed. More information is provided in the mbed TLS/PolarSSL release notes.