oss-fuzz/README.md

# OSS-Fuzz: Continuous Fuzzing for Open Source Software

[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
technique for uncovering programming errors in software.
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
and we now want to share that service with the open source community. 

[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1

In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), 
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques with scalable,
distributed execution.

We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
[ClusterFuzz](https://github.com/google/clusterfuzz),
a distributed fuzzer execution environment and reporting tool. 

Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.
OSS-Fuzz supports fuzzing x86_64 and i386 builds.

## Overview
![OSS-Fuzz process diagram](docs/images/process.png)

## Documentation
Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz.

## Trophies
As of August 2019, OSS-Fuzz has found over [14,000] bugs in [200] open source projects.

[14,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-status%3AWontFix%2CDuplicate+-Infra
[200]: https://github.com/google/oss-fuzz/tree/master/projects

## Blog posts

* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)
* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)
* 2018-11-06 - [A New Chapter for OSS-Fuzz](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`# OSS-Fuzz: Continuous Fuzzing for Open Source Software`
absorbed overview.md 2016-10-25 21:31:45 +00:00
			`[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known`
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`technique for uncovering programming errors in software.`
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00			`Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`and we now want to share that service with the open source community.`
Update README.md 2016-11-19 00:47:25 +00:00
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00			`[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1`

Update README.md (#98) 2016-11-23 16:35:07 +00:00			`In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),`
			`OSS-Fuzz aims to make common open source software more secure and stable by`
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`combining modern fuzzing techniques with scalable,`
Update README.md 2016-11-19 00:47:25 +00:00			`distributed execution.`
absorbed overview.md 2016-10-25 21:31:45 +00:00
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines`
			`in combination with [Sanitizers](https://github.com/google/sanitizers), as well as`
			`[ClusterFuzz](https://github.com/google/clusterfuzz),`
			`a distributed fuzzer execution environment and reporting tool.`

Document i386 fuzzing (#2704) 2019-08-19 21:07:33 +00:00			`Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.`
			`OSS-Fuzz supports fuzzing x86_64 and i386 builds.`
absorbed overview.md 2016-10-25 21:31:45 +00:00
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`## Overview`
			`![OSS-Fuzz process diagram](docs/images/process.png)`
Update README.md 2016-12-03 04:41:47 +00:00
Docs: Correct spacing typo and make blog links explicit. (#2668) 2019-08-08 14:36:35 +00:00			`## Documentation`
Docs: Edit OSS-Fuzz landing page. (#2667) 2019-08-08 14:12:25 +00:00			`Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz.`
absorbed overview.md 2016-10-25 21:31:45 +00:00
Switch docs to new structure (#2663) 2019-08-07 14:37:16 +00:00			`## Trophies`
Update README.md 2019-08-17 06:38:26 +00:00			`As of August 2019, OSS-Fuzz has found over [14,000] bugs in [200] open source projects.`
absorbed overview.md 2016-10-25 21:31:45 +00:00
Documentation fixes. (#2705) 2019-08-15 22:07:23 +00:00			`[14,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-status%3AWontFix%2CDuplicate+-Infra`
Switch docs to new structure (#2663) 2019-08-07 14:37:16 +00:00			`[200]: https://github.com/google/oss-fuzz/tree/master/projects`
absorbed overview.md 2016-10-25 21:31:45 +00:00
Switch docs to new structure (#2663) 2019-08-07 14:37:16 +00:00			`## Blog posts`
Update README.md 2016-09-14 16:44:10 +00:00
Update README.md 2019-08-15 22:08:51 +00:00			`* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)`
Documentation fixes. (#2705) 2019-08-15 22:07:23 +00:00			`* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)`
			`* 2018-11-06 - [A New Chapter for OSS-Fuzz](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)`
Update README.md 2016-10-06 21:02:52 +00:00