By Kevin Townsend on December 02, 2016
Just two months after Microsoft announced its Project Springfield code fuzzing service, Google has launched the beta of its own OSS-Fuzz. The purpose in both cases is to help developers locate the bugs that eventually lead to breaches. But the services, like the two organizations, are very different: one is paid for while the other is free; one is proprietary while the other is open source.
Google describes OSS-Fuzz as 'continuous fuzzing for open source software'. "OSS-Fuzz's goal," wrote the development team in Google's Testing Blog yesterday, "is to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution. OSS-Fuzz combines various fuzzing engines (initially, libFuzzer) with Sanitizers (initially, AddressSanitizer) and provides a massive distributed execution environment powered by ClusterFuzz."
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.