Google Rolls Out OSS-Fuzz To Help Improve Open-Source Software Safety

Written by Michael Larabel in Google on 1 December 2016 at 12:50 PM EST. 9 Comments
GOOGLE
Google today is rolling out a public beta of OSS-Fuzz, their new program to provide continuous fuzzing of core open-source software code-bases.

Given the rise the past few years of open-source software vulnerabilities in the wild, Google with the Linux Foundation's Core Infrastructure Initiative has established OSS-Fuzz to combine various fuzzing engines (currently libFuzzer) with compiler sanitizers and a distributed environment via ClusterFuzz to offer continuous fuzzing of prominent OSS projects to try to provide better security and stability by catching issues early on and ensuring code-bases are continuously tested against the latest in sanitizers and fuzzers.

OSS-Fuzz has already caught issues with FreeType as an early project they're working with plus have found over 150 bugs in other open-source software projects. Google says there is around four trillion test cases being conducted on a weekly basis. Project maintainers of widely-used and/or critical open-source software projects can apply to be part of OSS-Fuzz testing.

More details via this Google blog post. The continuous fuzzing software is hosted on GitHub.
9 Comments
Related News
Google Rewriting Android's Binder In Rust With Promising Results
Google Chrome To Remove Theora Video Codec Support
Chrome 119 Beta Released With CSS Relative Color Syntax, WebSQL Disabled
Android 14 Open-Source Project Released
Google Preparing To Rollout Stable Chrome Releases Even Faster
Google Announces C3A Instances Coming, Powered By AmpereOne CPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Roundcube Open-Source Webmail Software Merges With Nextcloud
Firefox 121 Is Looking Good For Having Wayland Enabled By Default
Debian's MIPS64EL CPU Port Is At Risk Due To Declining Hardware Access
PCSX2 Emulator Disables Wayland Support By Default
LACT Is The Newest AMD Radeon GUI Control Panel For Linux
KDE Is Down To Just One Wayland Showstopper Bug Remaining
TUXEDO Computers Launches First All-AMD Linux Gaming Laptop
OpenZFS Is Still Battling A Data Corruption Issue