News snapshots · 2019-02-08

Google opens up ClusterFuzz to all – Quick wrap

Google ClusterFuzzSome of you may not know it but ‘Fuzzing’ is a way to find software bugs. It’s an automated process, effective to find memory corruption, stuff like that. Can’t be done manually…too cumbersome & prone to errors.

In order for fuzzing to be truly effective, it must be continuous, done at scale, and integrated into the development process of a software project. Google brought in Fuzzing to Chrome by writing ‘ClusterFuzz’, an fuzzing infrastructure running on over 25,000 cores. Two years later, it began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz.

Today, Google has announced that Google ClusterFuzz is now open source & available for anyone to use. ClusterFuzz has found more than 16,000 bugs in Chrome & more than 11,000 bugs in over 160 open source projects integrated with OSS-Fuzz. Google says ClusterFuzz is often able to detect bugs hours after they are introduced & verify the fix within a day.


 

Click here to opt-out of Google Analytics