Google Rolls Out OSS-Fuzz To Help Improve Open-Source Software Safety

Written by Michael Larabel in Google on 1 December 2016 at 12:50 PM EST. 9 Comments
Google today is rolling out a public beta of OSS-Fuzz, their new program to provide continuous fuzzing of core open-source software code-bases.

Given the rise the past few years of open-source software vulnerabilities in the wild, Google with the Linux Foundation's Core Infrastructure Initiative has established OSS-Fuzz to combine various fuzzing engines (currently libFuzzer) with compiler sanitizers and a distributed environment via ClusterFuzz to offer continuous fuzzing of prominent OSS projects to try to provide better security and stability by catching issues early on and ensuring code-bases are continuously tested against the latest in sanitizers and fuzzers.

OSS-Fuzz has already caught issues with FreeType as an early project they're working with plus have found over 150 bugs in other open-source software projects. Google says there is around four trillion test cases being conducted on a weekly basis. Project maintainers of widely-used and/or critical open-source software projects can apply to be part of OSS-Fuzz testing.

More details via this Google blog post. The continuous fuzzing software is hosted on GitHub.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week