Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Shells Out $600,000 for OSS-Fuzz Project Integrations

Google announces an expansion of its OSS-Fuzz rewards program to help find software vulnerabilities before they are exploited.

Google this week announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz.

Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure.

Six months after the launch, Google announced that it was offering rewards between $1,000 and $20,000 for integrating projects into OSS-Fuzz, and now says that it has paid over $600,000 to more than 65 different contributors as part of the program.

The internet search marketing giant has now increased the highest reward available for new project integration to $30,000, which can be awarded depending on ‘the criticality of the project’.

Launched last year and already integrated into OSS-Fuzz, the tool performs analysis of functions, static call graphs, and runtime coverage information to provide insights into fuzzing coverage blockers.

“The Fuzz Introspector tool provides these insights by identifying complex code blocks that are blocked during fuzzing at runtime, as well as suggesting new fuzz targets that can be added,” Google says.

By increasing payouts and expanding the OSS-Fuzz rewards program, Google seeks to strengthen OSS-Fuzz to find more vulnerabilities before they are exploited.

Related: Google Announces Vulnerability Scanner for Open Source Developers

Advertisement. Scroll to continue reading.

Related: Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Related: Google Wants More Projects Integrated With OSS-Fuzz

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.