These are the books I would add, with the IDA book being number 1
Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities http://www.amazon.com/Art-Software-Secu ... _lmf_tit_8
Rootkits: Subverting the Windows Kernelhttp://www.amazon.com/Rootkits-Subverti ... lmf_tit_14
Exploiting Software: How to Break Codehttp://www.amazon.com/Exploiting-Softwa ... lmf_tit_12
The Shellcoder's Handbook: Discovering and Exploiting Security Holes http://www.amazon.com/Shellcoders-Handb ... lmf_tit_13
Fuzzing for Software Security Testing and Quality Assurancehttp://www.amazon.com/Fuzzing-Software- ... _lmf_tit_7
Aside from the reading, operating system is only relevant to what you want to find "faults" with. Fuzzing is nothing more than fault injection. You likely would yield little results fuzzing Windows files on a Nix box. There are plenty of tools on Windows systems that can help you: PaiMei, Klocwork Architect, Codenomicon, Protos, etc.
The key to benefitting though is to focus on understanding why an application is behaving in a method that causes it to act outside of the norm. This will include knowing and understanding a lot of machine code (Assembly) as well as understanding debugging. For debugging on Windows I use WinDBG for almost everything. From time to time I may plop in and out of Olly or Immunity Debugger, but WinDBG has been very useful to me.
When I was getting deeper into debugging and figuring things out, I followed Vostokov heavily:http://www.dumpanalysis.org/blog/index.php/about/http://www.amazon.com/Crash-Dump-Analysis/dp/B0042ETC7C
There is a lot to know for Windows including literally living on MSDN for months reading up on calls, instructions, etc. This was primarily for Windows mind you. *nix based fuzzing is a bit different because of the variants (Linux, BSD, Solaris, HPUX, QNX, etc). Almost all handle things differently.
Fuzzing involves more than just tools. What's the point of aiming tools to find a crash if you don't know how to capitalize on that crash.
If you heavily want to learn, I suggest you watch for Assured Exploits training by Dino Dai Zovi (http://trailofbits.com/2011/01/11/upcom ... s-in-2011/
). I have not taken the OSCE so I am unsure how much you can actually yield with regards to fuzzying.
Another thing to note is OpenRCE.org, http://www.woodmann.com/
are your friends in this arena. In order to understand bugs, you WILL NEED TO understand reverse engineering heavily.