During a conversation with Thomas Ptacek about bug-hunting techniques, an interesting question came up. Do patches for bugs found through fuzzing or other automated techniques look any different from those for bugs found manually? The bugs themselves will likely be similar, but will the patches also carry some signature?
I have a hunch that bugs found via fuzzing show up at the perimeter of the code (the parsing and input-handling layers), whereas those found manually may be deeper down the call stack. Or they may usually be the same class of header-based integer overflow, fixed by similar range checks.
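As an added illustration, not from the original post, of the "header-based integer overflow, fixed by a range check" pattern mentioned above: a constructed header format (u32 count, u32 element size, little-endian, followed by count*size bytes of body) parsed before and after the typical fix. The format, function names and sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define HDR_LEN 8  /* constructed format: u32 count, u32 elem_size, little-endian */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Before the fix: the product is computed in 32 bits and trusted, so it can wrap
 * to a small value and the later bounds check passes on the wrapped size. */
bool parse_unchecked(const uint8_t *buf, size_t len, size_t *body_len) {
    if (len < HDR_LEN) return false;
    uint32_t count = rd32(buf), elem = rd32(buf + 4);
    uint32_t total = count * elem;                    /* wraps modulo 2^32 */
    if ((size_t)total > len - HDR_LEN) return false;  /* passes on a wrapped total */
    *body_len = total;
    return true;
}

/* After the fix: reject the multiply if it would overflow, then do the same check.
 * This is the "similar range check" shape that many such patches share. */
bool parse_checked(const uint8_t *buf, size_t len, size_t *body_len) {
    if (len < HDR_LEN) return false;
    uint32_t count = rd32(buf), elem = rd32(buf + 4);
    if (elem != 0 && count > UINT32_MAX / elem) return false;  /* product would overflow */
    uint32_t total = count * elem;
    if ((size_t)total > len - HDR_LEN) return false;
    *body_len = total;
    return true;
}

/* Constructed inputs: a benign header (3 x 4-byte records, 12 body bytes)
 * and one whose product 0x10000 * 0x10000 == 2^32 wraps to 0. */
static const uint8_t benign[20] = {3,0,0,0, 4,0,0,0};
static const uint8_t wrapped[8] = {0,0,1,0, 0,0,1,0};

int main(void) {
    size_t n;
    printf("benign  unchecked=%d checked=%d\n",
           parse_unchecked(benign, sizeof benign, &n), parse_checked(benign, sizeof benign, &n));
    printf("wrapped unchecked=%d checked=%d\n",
           parse_unchecked(wrapped, sizeof wrapped, &n), parse_checked(wrapped, sizeof wrapped, &n));
    return 0;
}
```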