Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs.
Fuzzing is used to find vulnerabilities and other bugs in software by injecting malformed data into the targeted application to see if it crashes or behaves unexpectedly, which could indicate the presence of a problem.
Project OneFuzz, which Microsoft describes as an extensible fuzz testing framework, is designed to address some of the challenges typically associated with fuzzing, enabling developers to conduct this type of testing themselves and allowing security engineers to focus on other important tasks.
The company says it has used Project OneFuzz internally for Windows, Edge and other products.
“Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment. The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult,” Microsoft says.
Project OneFuzz can be used on Windows or Linux operating systems, it allows users to add their own fuzers, it includes useful triage and result deduplication capabilities, and users can summon live debugging sessions when a crash is identified.
Microsoft says it will continue to maintain and expand the project, but it also welcomes contributions from the community.
The Project OneFuzz source code is available on GitHub.
Related: Google Open Sources Fuzzing Platform