1.9 KiB
| layout | title | permalink | nav_order | has_children |
|---|---|---|---|---|
| default | OSS-Fuzz | / | 1 | true |
OSS-Fuzz
Fuzz testing is a well-known technique for uncovering various kinds of programming errors in software. Many of these detectable errors (e.g. buffer overflow) can have serious security implications.
We successfully deployed guided in-process fuzzing of Chrome components and found thousands of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community.
In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques and scalable distributed execution.
We support libFuzzer and AFL as fuzzing engines in combination with Sanitizers. [ClusterFuzz]({{ site.baseurl }}/furthur-reading/clusterfuzz) provides a distributed fuzzer execution environment and reporting. You can checkout ClusterFuzz here.
Currently OSS-Fuzz supports C and C++ code (other languages supported by LLVM may work too).
Trophies
As of August 2019, OSS-Fuzz has found ~14,000 bugs in over 200 open source projects.