Google this week revealed plans to reach out to critical open source projects and invite them to integrate with OSS-Fuzz.
Launched in December 2016, OSS-Fuzz is a free and continuous fuzzing infrastructure hosted on the Google Cloud Platform and designed to serve the Open Source Software (OSS) community through finding security vulnerabilities and stability issues.
OSS-Fuzz has already helped find and report over 9,000 flaws since launch, including bugs in critical projects such as FreeType2, FFmpeg, LibreOffice, SQLite, OpenSSL, and Wireshark.
Recently, Google has managed to consolidate the bug hunting and reporting processes into a single workflow, by unifying and automating its fuzzing tools, and believes that the OSS community should take advantage of this.
Thus, the Internet search giant has decided to contact the developers of critical projects and invite them to integrate with the fuzzing service.
“Projects integrated with OSS-Fuzz will benefit from being reviewed by both our internal and external fuzzing tools, thereby increasing code coverage and discovering bugs faster,” Google says.
Previously, the reporting process was a bit complex, as multiple tools were being used to identify bugs, while submissions were manually made to various public bug trackers, and then monitored until resolved.
“We are committed to helping open source projects benefit from integrating with our OSS-Fuzz fuzzing infrastructure. In the coming weeks, we will reach out via email to critical projects that we believe would be a good fit and support the community at large,” Google now says.
Projects that integrate are also eligible for rewards that range from $1,000 for initial integration to $20,000 for ideal integration. The rewards, Google says, should “offset the cost and effort required to properly configure fuzzing for OSS projects.”
Developers who would like to integrate their projects with OSS-Fuzz can submit them for review. Google wants to “admit as many OSS projects as possible and ensure that they are continuously fuzzed.” Contacted developers might be provided with a sample fuzz target for easy integration, the search company says.
More from Ionut Arghire
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
Latest News
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
