As part of independent research into healthcare software, I (Zachary Minneker) started looking into implementations of M, a high-performance database and programming language. M is a widely used language in healthcare and banking due to its speed in handling large databases and its extreme flexibility as a language. M-based applications may handle more than half of patient records in the United States. Of course, this led me to YottaDB, an open-source implementation of the language with several benefits that has found its home in a large number of contexts.
After finding and disclosing bugs, we contacted YottaDB to help them bootstrap their fuzzing efforts. KS Bhaskar and his team also collaborated with me on the following blog post about the basics of fuzzing, the process of fuzzing YottaDB, and a bit of what we found and fixed!
–Zachary Minneker, Senior Security Engineer, Security Innovation