Jump to content

Google’s OSS-Fuzz Finds 1,000 Open Source Bugs


RV_

Recommended Posts

Apparently Google is getting some big results from a first time effort, discovering vulnerabilities and issues in open source. As well they are able to help folks who are writing code for open source projects.

 

Excerpt:

"The numbers are in — and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success.

In five months time the effort has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities, Google says.

OSS-Fuzz, still in beta mode, is built on fuzzing engineers like libFuzzer, sanitizers, Address Sanitizer, and a distributed fuzzing architecture that catalogs statistics as they pop up. The project was one of two Google unveiled last December. It also released Project Wycheproof, a collection of unit tests designed to help cryptographers check for weaknesses in cryptographic algorithms.

Engineers behind the platform – Oliver Chang and Abhishek Arya with Chrome Security, Kostya Serebryany, software Engineer with Dynamic Tools, and Josh Armour, a Security Program Manager with Google – wrote a blog post to fill the public in on the last five months on Monday.

googlechart-1024x597.png

While it can’t disclose all of the bugs – some are still restricted – Google says the project has helped find bugs in all types of open source software, including 10 bugs in FreeType2, 17 in FFmpeg, 33 in LibreOffice, eight in SQLite 3, 10 inGnuTLS, 25 in PCRE2, nine in gRPC, and seven in WireShark.

While the statistics behind OSS-Fuzz are positive news, Google also said something else that should put a smile on developers’ faces. The engineers said the company wants to help developers behind some of the open source projects, many which operate on a shoestring budget, better fund their projects."

More here in the original article here:

https://threatpost.com/googles-oss-fuzz-finds-1000-open-source-bugs/125545/

 

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

RVers Online University

Giraffe G4.

mywaggle.com

campgroundviews.com

RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

RVTravel.com Logo



×
×
  • Create New...