Google has open sourced ClusterFuzz, the fuzzing infrastructure it developed to find memory corruption bugs in the Chrome browser.
ClusterFuzz is a scalable
The platform has been available as a free service to open source projects through the OSS-Fuzz service.
“Manually finding these issues is both difficult and time consuming, and bugs often slip through despite rigorous code review practices. For software projects written in an unsafe language such as C or C++,
Fuzz testing is effective at detecting bugs in software at scale, especially when it is integrated directly with the development process.
ClusterFuzz was created more than 8 years ago to provide end-to-end automation, from bug detection, to triage (accurate deduplication, bisection), to bug reporting, and finally to automatic closure of bug reports.
Google confirmed that, to date, ClusterFuzz has discovered over 16,000 vulnerabilities in Chrome and more than 11,000 vulnerabilities across more than 160 open source projects integrated with OSS-Fuzz.
“It is an integral part of the development process of Chrome and many other open source projects. ClusterFuzz is often able to detect bugs hours after they are introduced and verify the fix within a day,” continues the blog post.
ClusterFuzz can also be installed locally on a computer cluster.