Strategic Target Selection in Directed Fuzzing

Optimizing where to fuzz improves vulnerability discovery

This research evaluates target selection strategies for directed fuzzing, assessing which program regions should be prioritized for effective security testing.

  • Systematizes diverse target selection methods across 6 categories (stack trace, CFG, coverage, code features, etc.)
  • Evaluates effectiveness against real-world crashes from OSS-Fuzz
  • Reveals that combining complementary strategies outperforms individual approaches
  • Provides actionable recommendations for security practitioners

Implications for security: Optimized target selection can significantly accelerate vulnerability discovery, reducing testing costs and improving software security at scale.

SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing