RV_
Posted May 9, 2017

Apparently Google is getting some big results from a first-time effort, discovering vulnerabilities and issues in open source. As well, they are able to help folks who are writing code for open source projects.

Excerpt:

"The numbers are in — and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success.

In five months' time the effort has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities, Google says.

OSS-Fuzz, still in beta mode, is built on fuzzing engineers like libFuzzer, sanitizers, Address Sanitizer, and a distributed fuzzing architecture that catalogs statistics as they pop up. The project was one of two Google unveiled last December. It also released Project Wycheproof, a collection of unit tests designed to help cryptographers check for weaknesses in cryptographic algorithms.

Engineers behind the platform – Oliver Chang and Abhishek Arya with Chrome Security, Kostya Serebryany, Software Engineer with Dynamic Tools, and Josh Armour, a Security Program Manager with Google – wrote a blog post to fill the public in on the last five months on Monday.

While it can’t disclose all of the bugs – some are still restricted – Google says the project has helped find bugs in all types of open source software, including 10 bugs in FreeType2, 17 in FFmpeg, 33 in LibreOffice, eight in SQLite 3, 10 in GnuTLS, 25 in PCRE2, nine in gRPC, and seven in WireShark.

While the statistics behind OSS-Fuzz are positive news, Google also said something else that should put a smile on developers’ faces. The engineers said the company wants to help developers behind some of the open source projects, many of which operate on a shoestring budget, better fund their projects."
More here in the original article here: https://threatpost.com/googles-oss-fuzz-finds-1000-open-source-bugs/125545/

RV/Derek
http://www.rvroadie.com
Email on the bottom of my website page.
Retired AF 1971-1998

When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire