Mouser Left Banner
Mouser Left Banner
Mouser Left Banner
Mouser Left Banner
Mouser Left Banner
Mouser Left Banner
More

    Google Launches Open Source Security Tool in Beta

    Google wants to make “fuzz testing” providing random data inputs to programs a standard part of open source development.

    To that end, it just launched a beta program for OSS-Fuzz, a project on GitHub. It seeks to help standardize modern fuzzing techniques and combine them with a distributed execution model that can scale as needed.

    According to Wikipedia: “Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.”

    Google said the technique can be used to ensure popular open source components — specifically those considered to be critical parts of the global IT infrastructure — are stable, secure and reliable.

    “Recent security stories confirm that errors like buffer overflow and use-after-free can have serious, widespread consequences when they occur in critical open source software,” the company said in a recent blog post. “These errors are not only serious, but notoriously difficult to find via routine code audits, even for experienced developers. That’s where fuzz testing comes in. By generating random inputs to a given program, fuzzing triggers and helps uncover errors quickly and thoroughly.”

    OSS-Fuzz will combine different fuzzing engines starting with libFuzzer and other components in a scalable distributed execution environment leveraging the ClusterFuzz project.

    Google said the tool, which will provide continuous fuzz testing for select projects, was developed over a period of years in conjunction with the Core Infrastructure Initiative community.

    The company said the project has already discovered some 150 bugs in popular open source projects.

    The project is accepting other candidates for the program, with no strict definition of what exactly makes them suitable beyond the guidance that projects be widely used and critical to IT infrastructure.

    ELE Times Bureau
    ELE Times Bureauhttps://www.eletimes.com
    ELE Times provides a comprehensive global coverage of Electronics, Technology and the Market. In addition to providing in depth articles, ELE Times attracts the industry’s largest, qualified and highly engaged audiences, who appreciate our timely, relevant content and popular formats. ELE Times helps you build awareness, drive traffic, communicate your offerings to right audience, generate leads and sell your products better.

    Technology Articles

    Popular Posts

    Latest News

    Must Read

    ELE Times Top 10