From 8216f278e4f9c602299266177a92d22650a7035e Mon Sep 17 00:00:00 2001 From: kplybon <53794715+kplybon@users.noreply.github.com> Date: Thu, 8 Aug 2019 10:12:25 -0400 Subject: [PATCH] Docs: Edit OSS-Fuzz landing page. (#2667) --- README.md | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 6bc8be495..6d41d04f4 100644 --- a/README.md +++ b/README.md @@ -1,30 +1,28 @@ -# OSS-Fuzz - Continuous Fuzzing for Open Source Software - -## Introduction +# OSS-Fuzz: Continuous Fuzzing for Open Source Software [Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known -technique for uncovering various kinds of programming errors in software. -Many of these detectable errors (e.g. [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow)) can have serious security implications. - -We successfully deployed +technique for uncovering programming errors in software. +Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html) -and found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community. +and, and we now want to share that service with the open source community. In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), OSS-Fuzz aims to make common open source software more secure and stable by -combining modern fuzzing techniques and scalable +combining modern fuzzing techniques with scalable, distributed execution. -We support [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) as fuzzing engines -in combination with [Sanitizers](https://github.com/google/sanitizers). -[ClusterFuzz](https://google.github.io/oss-fuzz/furthur-reading/clusterfuzz) -provides a distributed fuzzer execution environment and reporting. You can -checkout ClusterFuzz [here](https://github.com/google/clusterfuzz). +We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines +in combination with [Sanitizers](https://github.com/google/sanitizers), as well as +[ClusterFuzz](https://github.com/google/clusterfuzz), +a distributed fuzzer execution environment and reporting tool. -Currently OSS-Fuzz supports C and C++ code (other languages supported by [LLVM](http://llvm.org) may work too). +Currently, OSS-Fuzz supports C and C++ code, though other languages supported by [LLVM](http://llvm.org) may work too. -## Documentation -You can find detailed documentation [here](https://google.github.io/oss-fuzz). +## Overview +![OSS-Fuzz process diagram](docs/images/process.png) + +##Documentation +Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz. ## Trophies As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source