One Article Review

The article:
Source GoogleSec
Identifier 8306318
Publication date 2023-02-01 13:00:49 (seen: 2023-02-01 19:06:22)
Title Taking the next step: OSS-Fuzz in 2023
Text Posted by Oliver Chang, OSS-Fuzz team

Since launching in 2016, Google's free OSS-Fuzz code testing service has helped get over 8800 vulnerabilities and 28,000 bugs fixed across 850 projects. Today, we're happy to announce an expansion of our OSS-Fuzz Rewards Program, plus new features in OSS-Fuzz and our involvement in supporting academic fuzzing research.

Refreshed OSS-Fuzz rewards

The OSS-Fuzz project's purpose is to support the open source community in adopting fuzz testing, or fuzzing - an automated code testing technique for uncovering bugs in software. In addition to the OSS-Fuzz service, which provides a free platform for continuous fuzzing to critical open source projects, we established an OSS-Fuzz Reward Program in 2017 as part of our wider Patch Rewards Program. We've operated this successfully for the past 5 years, and to date, the OSS-Fuzz Reward Program has awarded over $600,000 to over 65 different contributors for their help integrating new projects into OSS-Fuzz.

Today, we're excited to announce that we've expanded the scope of the OSS-Fuzz Reward Program considerably, introducing many new types of rewards! These new reward types cover contributions such as:

- Project fuzzing coverage increases
- Notable FuzzBench fuzzer integrations
- Integrating a new sanitizer (example) that finds two new vulnerabilities

These changes boost the total rewards possible per project integration from a maximum of $20,000 to $30,000 (depending on the criticality of the project). In addition, we've also established two new reward categories that reward wider improvements across all OSS-Fuzz projects, with up to $11,337 available per category. For more details, see the fully updated rules for our dedicated OSS-Fuzz Reward Program.

OSS-Fuzz improvements

We've continuously made improvements to OSS-Fuzz's infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest. Additionally, as part of an ongoing collaboration with Code Intelligence, we'll soon have support for JavaScript fuzzing through Jazzer.js.

FuzzIntrospector support

Last year, we launched the OpenSSF FuzzIntrospector tool and integrated it into OSS-Fuzz. We've continued to build on this by adding new language support and better analysis, and now C/C++, Python, and Java projects integrated into OSS-Fuzz have detailed insights on how the coverage and fuzzing effectiveness for a project can be improved. The
Sent Yes
Tags Tool
Stories
Rating ★★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.