Announcing OSS-Fuzz: Continuous fuzzing for open source software

Software flaws can end up creating security vulnerabilities, and undermine the security of the open source foundation of many apps, sites, services, and networked things.

Launched in December 2016, OSS-Fuzz aims to provide continuous fuzzing for select core open source software.

“OSS-Fuzz’s goal is to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution,” Google explained.

“OSS-Fuzz combines various fuzzing engines (initially, libFuzzer) with Sanitizers (initially, AddressSanitizer) and provides a massive distributed execution environment powered by ClusterFuzz.”

The code, if I'm not mistaken:

I skimmed through it and my understanding is:

  • that it is mainly focused on the C, C++ and Objective-C languages
  • that there are alternatives for other languages, although I imagine with fewer features
  • that one could use the system in one's own setups.

But, well, this would need to be verified.

In any case, it's really cool.