Google wants to help ensure open-source projects are stable, secure and reliable. According to the company, open-source software is the backbone of many solutions available on the Internet today, and any problems with it could be catastrophic.
The company announced the release of OSS-Fuzz, a continuous fuzzing solution for open-source software. OSS-Fuzz is a program that has been developed with the help of the Core Infrastructure Initiative over the past couple of years. Continuous fuzzing is a type of fuzz testing that helps users detect errors easily.
“Recent security stories confirm that errors like buffer overflow and use-after-free can have serious, widespread consequences when they occur in critical open-source software,” the Google testing team wrote in a post. “These errors are not only serious, but notoriously difficult to find via routine code audits, even for experienced developers. That’s where fuzz testing comes in.”
The goal of OSS-Fuzz is to combine fuzzing techniques in order to improve the security and stability of open-source software. According to the company, the solution has already found 150 bugs in widely used projects. “With your help, we can make fuzzing a standard part of open-source development, and work with the broader community of developers and security testers to ensure that bugs in critical open-source applications, libraries, and APIs are discovered and fixed,” the team wrote. “We believe that this approach to automated security testing will result in real improvements to the security and stability of open-source software.”
OSS-Fuzz is available as a beta program, and will select certain open-source projects to test. To be accepted into OSS-Fuzz, a project needs to have a large user base or be critical to the global IT infrastructure.