Some of you may not know it, but ‘fuzzing’ is a way to find software bugs: an automated process that feeds a program malformed or random input and is especially effective at finding memory-corruption bugs and the like. It can’t realistically be done by hand; that would be too cumbersome and too error-prone.
For fuzzing to be truly effective, it must be continuous, run at scale, and integrated into a project’s development process. Google brought fuzzing to Chrome by building ‘ClusterFuzz’, a fuzzing infrastructure running on over 25,000 cores. Two years later, it began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz.
Today, Google announced that ClusterFuzz is now open source and available for anyone to use. ClusterFuzz has found more than 16,000 bugs in Chrome and more than 11,000 bugs in over 160 open source projects integrated with OSS-Fuzz. Google says ClusterFuzz is often able to detect bugs within hours of their being introduced and to verify the fix within a day.