Software experts and open source advocates are applauding Google’s latest “make the world better” offering, its OSS-Fuzz tool. Still in beta, OSS-Fuzz is already a game changer in helping debug open source software with almost instantaneous results, allowing developers to pop back into their code, make an adjustment, and solve the problem.
“Open source software is the backbone of the many apps, sites, services, and networked things that make up ‘the internet.’ It is important that the open source foundation be stable, secure, and reliable, as cracks and weaknesses impact all who build on it,” the team announced in a blog post on the tool last week. “OSS-Fuzz’s goal is to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scaleable distributed execution.”
For the uninitiated, “fuzzing” is “when bits of randomly generated code is inputted into programs as a means to discover code and security flaws,” according to a detailed explanation of the new tool from ThreatPost. OSS-Fuzz runs continuously, seeking out the flaws by inserting its own code to see where the problems lie. It’s much like running dye through a water system to see where the leaks are, only when it comes to open source software and its “everybody welcome” design, those flaws are not one-time fixes. Every new user who adds to the software could potentially be bringing faulty code with him, hence the need to check and recheck with fuzzing.
OSS-Fuzz has already found more than 150 bugs in key software titles and is available for public use, however the software has to be revamped for each software it’s being expected to fuzz. Google itself is currently using the tool to keep its Chrome browser safe and secure. Best of all, Google is welcoming any and all contributions to its tool from user experience. Software developers can submit their projects directly to Google in order to help the team continue building OSS-Fuzz.
You can download our latest Google-related programs and extensions on FileHippo now.