Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Docs: Edit OSS-Fuzz landing page. (#2667)

This commit is contained in:
kplybon 2019-08-08 10:12:25 -04:00 committed by Abhishek Arya
parent e8ca6e1514
commit 8216f278e4
1 changed files with 15 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -1,30 +1,28 @@
# OSS-Fuzz - Continuous Fuzzing for Open Source Software
## Introduction
# OSS-Fuzz: Continuous Fuzzing for Open Source Software
[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
technique for uncovering various kinds of programming errors in software.
Many of these detectable errors (e.g. [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow)) can have serious security implications.
We successfully deployed
technique for uncovering programming errors in software.
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs by deploying
[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html)
and found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community.
and, and we now want to share that service with the open source community.
In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques and scalable
combining modern fuzzing techniques with scalable,
distributed execution.
We support [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) as fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers).
[ClusterFuzz](https://google.github.io/oss-fuzz/furthur-reading/clusterfuzz)
provides a distributed fuzzer execution environment and reporting. You can
checkout ClusterFuzz [here](https://github.com/google/clusterfuzz).
We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
[ClusterFuzz](https://github.com/google/clusterfuzz),
a distributed fuzzer execution environment and reporting tool.
Currently OSS-Fuzz supports C and C++ code (other languages supported by [LLVM](http://llvm.org) may work too).
Currently, OSS-Fuzz supports C and C++ code, though other languages supported by [LLVM](http://llvm.org) may work too.
## Documentation
You can find detailed documentation [here](https://google.github.io/oss-fuzz).
## Overview
![OSS-Fuzz process diagram](docs/images/process.png)
##Documentation
Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz.
## Trophies
As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source