oss-fuzz/docs/index.md

---
layout: default
title: OSS-Fuzz
permalink: /
nav_order: 1
has_children: true
has_toc: false
---

# OSS-Fuzz

[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
technique for uncovering programming errors in software.
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
and we now want to share that service with the open source community. 

[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1

In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), 
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques with scalable,
distributed execution.

We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
[ClusterFuzz](https://github.com/google/clusterfuzz),
a distributed fuzzer execution environment and reporting tool. 

Currently, OSS-Fuzz supports C and C++ code, though other languages supported by [LLVM](http://llvm.org) may work too.

## Trophies
As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source
projects.

[~14,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-status%3AWontFix%2CDuplicate+-Infra
[200]: https://github.com/google/oss-fuzz/tree/master/projects
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`---`
			`layout: default`
			`title: OSS-Fuzz`
			`permalink: /`
			`nav_order: 1`
			`has_children: true`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`has_toc: false`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`---`

			`# OSS-Fuzz`

			`[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`technique for uncovering programming errors in software.`
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00			`Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`and we now want to share that service with the open source community.`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00			`[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1`

[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`OSS-Fuzz aims to make common open source software more secure and stable by`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`combining modern fuzzing techniques with scalable,`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`distributed execution.`

[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines`
			`in combination with [Sanitizers](https://github.com/google/sanitizers), as well as`
			`[ClusterFuzz](https://github.com/google/clusterfuzz),`
			`a distributed fuzzer execution environment and reporting tool.`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`Currently, OSS-Fuzz supports C and C++ code, though other languages supported by [LLVM](http://llvm.org) may work too.`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
			`## Trophies`
			`As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source`
			`projects.`

			`[~14,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-status%3AWontFix%2CDuplicate+-Infra`
			`[200]: https://github.com/google/oss-fuzz/tree/master/projects`