From b48c72b2555f3de10f0fbc0654e86196171f7478 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 18 Nov 2016 16:47:25 -0800 Subject: [PATCH] Update README.md --- README.md | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 443111e19..589a0d17e 100644 --- a/README.md +++ b/README.md @@ -11,29 +11,26 @@ [Create New Issue](https://github.com/google/oss-fuzz/issues/new) for questions or feedback. -## Goals - -OSS-Fuzz aims to make common open source software more secure by -combining modern white-box fuzzing techniques together with scalable -distributed execution. - -At the first stage of the project we plan to combine -[libFuzzer](http://llvm.org/docs/LibFuzzer.html) with various `clang` -[sanitizers](https://github.com/google/sanitizers). -[ClusterFuzz](docs/clusterfuzz.md) -provides distributed fuzzer execution environment and reporting. - -## Background +## Why OSS-Fuzz? [Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known technique for uncovering certain types of programming errors in software. Many detectable errors (e.g. buffer overruns) have real security implications. -Our previous experience applying [libFuzzer](http://llvm.org/docs/LibFuzzer.html) -to do [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html) -has proved very successful. +We successfully deployed +[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html) +and now want to share the experience and the service with the openssource community. +OSS-Fuzz aims to make common open source software more secure by +combining modern fuzzing techniques and scalable +distributed execution. + +At the first stage of the project we use +[libFuzzer](http://llvm.org/docs/LibFuzzer.html) with +[Sanitizers](https://github.com/google/sanitizers). More fuzzing engines will be added later. +[ClusterFuzz](docs/clusterfuzz.md) +provides distributed fuzzer execution environment and reporting. ## Process Overview