Fuzzing at Scale: The Untold Story of the Scheduler

📅 2024-06-26
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
This study addresses the scheduler optimization problem under computational resource constraints in large-scale fuzzing. We propose a dynamic scheduler paradigm and, for the first time, systematically demonstrate that scheduler design impacts vulnerability discovery efficacy comparably to fuzzer engine improvements, identifying it as both a critical bottleneck and a key leverage point. We design and implement an adaptive dynamic scheduling algorithm that jointly leverages coverage gain, crash feedback, and uncertainty prediction, and integrate it into mainstream frameworks including AFL++. Evaluated on a benchmark of 5,000 Ubuntu programs fuzzed concurrently, our approach discovers 4,908 previously unknown vulnerabilities, substantially outperforming the equal-time-allocation baseline. It achieves measurable gains both in total vulnerability count and in per-program vulnerability coverage, empirically validating the substantial benefits of dynamic scheduling for large-scale vulnerability discovery.

📝 Abstract
How can one search for bugs in 1,000 programs using a pre-existing fuzzer and a standard PC? We consider this problem and show that a well-designed strategy that determines which programs to fuzz, and for how long, can greatly affect the number of bugs found across the programs. In fact, the impact of employing an effective strategy is comparable to that of using a state-of-the-art fuzzer. We refer to the considered problem as fuzzing at scale, and to the strategy as the scheduler. We show that besides a naive scheduler, which allocates equal fuzz time to all programs, we can consider dynamic schedulers that adjust time allocation based on the ongoing fuzzing progress of individual programs. Such schedulers are superior because they lead both to a higher total number of found bugs and to a higher number of found bugs for most programs. The performance gap between naive and dynamic schedulers can be as wide as (or even wider than) the gap between two fuzzers. Our findings thus suggest that the problem of advancing schedulers is fundamental for fuzzing at scale. We develop several schedulers and leverage the most sophisticated one to simultaneously fuzz our newly compiled benchmark of around 5,000 Ubuntu programs, detecting 4908 bugs.
Problem

Research questions and friction points this paper is trying to address.

Fuzz Testing
Resource Optimization
Error Detection
Innovation

Methods, ideas, or system contributions that make the work stand out.

Large-scale Fuzz Testing
Dynamic Scheduling Strategy
Efficiency
Authors
Ivica Nikolić, National University of Singapore
Racchit Jain, National University of Singapore, Singapore