Software flaws can end up creating security vulnerabilities, and undermine the security of the open source foundation of many apps, sites, services, and networked things.
Launched in December 2016, OSS-Fuzz aims to provide continuous fuzzing for select core open source software.
“OSS-Fuzz’s goal is to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution,” Google explained.
“OSS-Fuzz combines various fuzzing engines (initially, libFuzzer) with Sanitizers (initially, AddressSanitizer) and provides a massive distributed execution environment powered by ClusterFuzz.”
El código, si no me estoy equivocando:
Le he hecho una lectura en diagonal y me ha parecido entender:
- que principalmente está enfocado a lenguajes C, C++ y Objetive C
- que hay alternativas para otros lenguajes, aunque imagino que con menos funcionalidades
- que uno podría usar el sistema en configuraciones propias.
Pero vamos, que habría de verificarse.
En cualquier caso mola mil.