Announcement

Collapse
No announcement yet.

Google Rolls Out OSS-Fuzz To Help Improve Open-Source Software Safety

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Rolls Out OSS-Fuzz To Help Improve Open-Source Software Safety

    Phoronix: Google Rolls Out OSS-Fuzz To Help Improve Open-Source Software Safety

    Google today is rolling out a public beta of OSS-Fuzz, their new program to provide continuous fuzzing of core open-source software code-bases...

    http://www.phoronix.com/scan.php?pag...oogle-OSS-Fuzz

  • #2
    But they still can't provide consistent security updates to their own operating system? oh.

    Comment


    • #3
      Originally posted by Brophen View Post
      But they still can't provide consistent security updates to their own operating system? oh.
      Nexus and chromebooks are updated consistently, wtf are you talking about?

      Comment


      • #4
        Originally posted by Brophen View Post
        But they still can't provide consistent security updates to their own operating system? oh.
        Which one? Android? If so, I'm not sure what you're talking about. If a vender or carrier holds back updates, that's not the fault of google or AOSP for that matter.

        Comment


        • #5
          Doesn't ChromeOS prove my point then that they CAN do it for Android but don't?

          Microsoft handles it, Linux handles it, Apple handles it

          The most popular OS in the world doesn't
          Pixel is only guaranteed 2 years of updates, and that's "Made by Google" so..

          I'm all in #TeamAndroid , that's why it bothers me
          Last edited by Brophen; 12-01-2016, 03:09 PM.

          Comment


          • #6
            Android updates are usually pushed late because of device vendors, not because of Google.

            But anyway, on the topic. I'm really excited about this. I know Google does a shitton of security testing with their fuzzers and bots. Afaik every chromium patch gets run on ASAN (Address Sanitizer), MSAN (Memory Sanitizer), LSAN (Leak Sanitizer), Dr.Memory and many other bots. If they detect a single issue the patch won't get in. It helps that chromium must be the codebase with most tests ever.

            Comment


            • #7
              Originally posted by Brophen View Post
              Doesn't ChromeOS prove my point then that they CAN do it for Android but don't?

              Microsoft handles it, Linux handles it, Apple handles it

              The most popular OS in the world doesn't
              Pixel is only guaranteed 2 years of updates, and that's "Made by Google" so..

              I'm all in #TeamAndroid , that's why it bothers me
              You must have missed the fact that Android in devices not made by google is a AOSP fork and thus is out of Google's control.

              One of the reasons Android is so much more widespread than Windows Phone/10(mobile) is just that.

              Comment


              • #8
                Originally posted by starshipeleven View Post
                You must have missed the fact that Android in devices not made by google is a AOSP fork and thus is out of Google's control.

                One of the reasons Android is so much more widespread than Windows Phone/10(mobile) is just that.
                They can even control that via GMS certification requirements. But let's zero in on Pixel phone. The best Google can do with with a $600 device "Made by Google" is 2 years guaranteed updates? I could buy a laptop with that money, put Ubuntu on it and have support until Jesus comes back.

                For comparison, Ubuntu is still supporting the Nexus 4

                Sorry, I'm done. Thread successfully hijacked

                Look out, it's the Fuzz!
                Last edited by Brophen; 12-01-2016, 03:29 PM.

                Comment


                • #9
                  Originally posted by Brophen View Post
                  They can even control that via GMS certification requirements.
                  You must have not fucking read the second sentence I posted, let's read it again together:

                  One of the reasons Android is so much more widespread than Windows Phone/10(mobile) is just that.

                  But let's zero in on Pixel phone. The best Google can do with with a $600 device "Made by Google" is 2 years guaranteed updates?
                  Let's introduce a concept called "planned obsolescence". https://en.wikipedia.org/wiki/Planned_obsolescence
                  Google is still providing a whopping 2 more years of support than most OEMs do for bulk of devices though and is also releasing sources (within the limits of the hardware, blobs remain blobs). Don't forget this.
                  I could buy a laptop with that money, put Ubuntu on it and have support until Jesus comes back.
                  Ever wondered why PC sales are shrinking?

                  For comparison, Ubuntu is still supporting the Nexus 4
                  Also Cyanogenmod. That's because Google released the sources, btw.


                  Sorry, I'm done. Thread successfully hijacked
                  It's not done until I say it is done.

                  Comment


                  • #10
                    Originally posted by Brophen View Post
                    For comparison, Ubuntu is still supporting the Nexus 4
                    So are third-party android ROM developers like Cyanogenmod. So basically the same as Ubuntu support. In the meantime, I can't run Windows 10 on my 5-year-old laptop because the manufacturer refuses to release drivers. The situation on PCs is somewhat better because they use standard interfaces that don't change much rather than custom SOCs that get replaced every year, but the fundamental problem remains the same.

                    Comment

                    Working...
                    X