Google presented a fuzzing tool named "oss-fuzz" (https://github.com/google/oss-fuzz) that they already tested on high-profile OSS like crypto libraries or libxml2, and are now opening to all serious open source projects. It builds on continuous integration and tries to craft testing files to test as many code paths as possible. We could use it to detect when files make Inkscape crash on start, for instance (or for other purposes like testing how robust our CSS or .gpl "parsers" are; I'll leave it to devs'/testers' creativity).
NB: The above "for instance" is actually a good example: just today, someone came to IRC with a file that made Inkscape crash, and I simplified it to https://paste.fulltxt.net/I9,7M1hCFkPmSBV which is the sort of bug a fuzzer is *designed* to detect (I suspected such bugs were possible when they presented it, but today's IRC conversation made it a really perfect example).