Google today announced that OSS-Fuzz, its automatic bug finder, has already found more than 9,000 vulnerabilities in widely used open source projects. That is a good result for two years of automated searching by the Google service.

OSS-Fuzz was released in December 2016. The automatic tool was developed by Google and finds vulnerabilities in applications. Its scans use a technique called fuzzing, which is decades old and has become increasingly popular in recent years.

Google’s fuzzers

A fuzzer is a tool that feeds large amounts of random data to a software application. The fuzzer then analyzes the output for abnormalities and crashes. This helps developers quickly identify bugs in the code of their applications. Google is one of the companies that has been drawing increasing attention to the technology over the past few years.
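The loop described above, as an added example that is not from Google or OSS-Fuzz: a small random-input fuzzer run against a constructed record parser with a planted bounds bug, and against a corrected version of the same parser. The record format, `parse_record`, `parse_record_fixed` and `fuzz` are all hypothetical names invented for this illustration.

```python
import random
import traceback

def parse_record(data: bytes) -> bytes:
    """Constructed target: [length][payload...][checksum], with a planted bug."""
    if not data:
        raise ValueError("empty input")       # documented rejection, not a bug
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]               # BUG: trusts the length byte
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

def parse_record_fixed(data: bytes) -> bytes:
    """Same parser with the length byte validated before it is used."""
    if not data:
        raise ValueError("empty input")
    length = data[0]
    if 1 + length >= len(data):
        raise ValueError("truncated record")  # malformed input rejected cleanly
    payload = data[1:1 + length]
    if sum(payload) % 256 != data[1 + length]:
        raise ValueError("bad checksum")
    return payload

def fuzz(target, iterations=2000, max_len=16, seed=1):
    """Feed random byte strings to target; return one reproducer per crash site."""
    rng = random.Random(seed)                 # fixed seed keeps runs reproducible
    crashes = {}
    for _ in range(iterations):
        size = rng.randrange(max_len + 1)
        data = bytes(rng.randrange(256) for _ in range(size))
        try:
            target(data)
        except ValueError:
            continue                          # expected rejection of bad input
        except Exception as exc:              # anything else is an abnormality
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            key = (type(exc).__name__, frame.name, frame.lineno)
            # Deduplicate by crash site and keep the shortest reproducer.
            if key not in crashes or len(data) < len(crashes[key]):
                crashes[key] = data
    return crashes

if __name__ == "__main__":
    for target in (parse_record, parse_record_fixed):
        print(target.__name__, fuzz(target))
```

Grouping failures by exception type and location turns thousands of crashing inputs into a single finding with a minimal reproducer, which is the form a bug report needs.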

The company asks both developers and security researchers to use fuzzers. In recent years, Google has released a number of open source fuzzers to stimulate this development. One of them was Flayer, which was released in 2007. But Google’s biggest project is OSS-Fuzz, which was launched in December 2016.

More and more automation

OSS-Fuzz was launched as an open source tool and can be downloaded from GitHub by anyone. The software allows developers to quickly find and resolve vulnerabilities. Until recently there was still a large role for people in the process, but with the latest updates that role is smaller than ever.

In a blog post, Google reports that OSS-Fuzz used to look for bugs in participating projects, after which Google developers reviewed the vulnerabilities it found. On that basis, they wrote a report to pass their findings on to the projects' developers. A new update takes those Google developers out of the process and automates the whole thing.

The project can therefore identify and report bugs more quickly. Google’s hope is to fix as many bugs as possible as quickly as possible.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.