Past week Google announced a project called OSS-Fuzz. This ideology is related to fuzz testing.
The purpose behind developing OSS FUZZ is to use the tool in development environment and locate the threats, which can potentially turn into severe vulnerability. OSS-Fuzz already has a remarkable case of vulnerabilities found, from running over 4 trillion test cases per week.
When do you want OSS – FUZZ?
You like open source!!!!!!
You like security!!!!
But you don’t have your own personal server with thousands of cores!!!
There comes a picture of OSS-Fuzz.
OSS-Fuzz is now a game changer in debugging open source software with almost rapid results, which allows developers to get back into their code, make any adjustments and solve the problem.
Just two months after Microsoft declared its “Project Springfield” code fuzzing service, Google has hurled the beta of OSS-Fuzz on 1st Dec ’16. The purpose of these tools is to help developers trace the bugs that lead to breaches. But the services are very different: First one is paid whereas the later one is free; one is proprietary while the other is open source software testing tool.
Open source software is the spine for many apps, sites or services. It is very important that the open source foundation to be constant, secured, and consistent because cracks and weaknesses impact all what is built on it.
OSS-Fuzz’s goal is to make common software structure more secure and steady by merging modern fuzzing techniques with scalable distributed execution.
OSS-Fuzz runs endlessly, looking for the flaws by inserting its own code to the location of the problems. When it comes to open source software and its “anybody can use” design, these errors are not one-time fixes. Every new user can bring faulty code with him, hence there is a need to check and recheck with fuzzing logic.
OSS-Fuzz has already found 150 bugs in crucial software titles and tosses 4 trillion test cases a week. However, the tool has to be refurbished for each software, for which it is being expected to fuzz. Google itself is currently using the tool to keep the Chrome browser secured.
Currently OSS-Fuzz supports C and C++ code, and other codes may also work, but this needs to be experimented. Whereas, other languages supported by LLVM may work too.
The best part is, Google is welcoming any or all contributions to its tool from user experience. Developers can submit their projects directly to Google in order to help the team continue building the tool.
It is expected that OSS-Fuzz will be a huge jump forward for the security of critical open source software.
Thanks for reading
Subscribe for more updates on Software Testing