Paraphrased questions (as far as I remember them)

Question: Why not use the recently added QEMU support for kernel fuzzing?

Answer: The QEMU stuff hasn't been ported to the BSDs yet and using DTrace probes should have less overhead. (Also the QEMU stuff probably doesn't work for kernel path discovery at all, even on GNU/Linux, but I only came to this conclusion a couple of hours after the talk.)

Question: Did you measure the code coverage for Privoxy's "fuzz framework"?

Answer: Not (yet), but I would expect the coverage to be pretty poor (less than 30%).

I'll add the rest of the questions once the video is up.