In its latest effort to aid developers in finding bugs in their software, Google has announced that its scalable fuzzing tool ClusterFuzz will now be open-source and available to all.
The search giant has been using the tool internally for some years now and it has allowed developers to find over 16,000 bugs in Chrome.
A few years ago, Google launched its OSS-Fuzz service which utilised ClusterFuzz, though it was only available to open-source projects.
- EU to fund bug bounty program for top open-source software
- HP launches bug bounty program for printers
- Bitcoin bug exploited to print millions of Pigeoncoins
Fuzzing is an automated method for detecting bugs in software that works by feeding large numbers of unexpected inputs to a target program. While the process may crash an application, fuzzing is quite effective at discovering memory corruption bugs that can often have serious security implications.
Fuzzing at scale
For fuzzing to be truly effective though, it must be continuous, carried out at scale and integrated into a software project's development process. This is why Google created ClusterFuzz which is run on over 25,000 cores.
ClusterFuzz is able to provide end-to-end automation, from bug detection, to triage, to bug reporting and finally to closing bug reports automatically.
In addition to detecting bugs in Chrome, Google's tool has discovered 11,000 bugs in over 160 open-source source projects that utilised OSS-Fuzz.
Fuzzing has grown in popularity recently due to the fact that more and more software testing and deployment is automated.
ClusterFuzz is now available on Google's GitHub repository (opens in new tab) and the company has even provided detailed instructions (opens in new tab) for developers that wish to begin using its tool to integrate fuzzing into their workflows.
- We've also highlighted the best antivirus to protect your systems from the latest cyber threats