UPDATED 12:00 EDT / NOVEMBER 11 2021


Google announces ClusterFuzzLite open-source solution for detecting bugs using ‘fuzzing’

Google LLC today announced the release of ClusterFuzzLite, which aims to make it easy to integrate fuzzing, a technique for finding bugs in software using random or invalid data, into software development workflows.

Fuzzing, also called fuzz testing, has become a fundamental part of discovering software bugs and vulnerabilities. It catches bugs that slip past manual tests by throwing random and unexpected data at code in order to produce out-of-bounds results and crashes, which are likely to reveal flaws in the software.

This sort of testing is especially important for any software that will be exposed to external user input. That’s because this is where hackers will attempt to exploit the system, or where a user could accidentally run across a case that crashes the application.
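An added example, not code from Google or from the article: a small C program showing how random input exposes a parser that trusts a length byte taken from external input, and how a bounds check removes the finding. The record format, function names and random driver are constructed for illustration; `LLVMFuzzerTestOneInput` follows the libFuzzer entry-point convention, which the article does not name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed format: [1-byte declared length][payload bytes]. */
typedef long (*parser_fn)(const uint8_t *data, size_t size);

/* Before: trusts the length byte; copying that many bytes would over-read. */
long payload_len_unchecked(const uint8_t *data, size_t size) {
    if (size == 0) return -1;
    return data[0];
}

/* After: rejects records that declare more payload than was received. */
long payload_len_checked(const uint8_t *data, size_t size) {
    if (size == 0 || (size_t)data[0] > size - 1) return -1;
    return data[0];
}

/* Invariant: an accepted record never claims more payload than the input holds. */
int violates_bounds(parser_fn parse, const uint8_t *data, size_t size) {
    long n = parse(data, size);
    return n >= 0 && (size_t)n + 1 > size;
}

/* Fuzz target in the libFuzzer entry-point shape; abort() marks a finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (violates_bounds(payload_len_checked, data, size)) abort();
    return 0;
}

/* Stand-in for the fuzzing engine: random inputs of 0..16 bytes, counts violations. */
int fuzz(parser_fn parse, unsigned seed, int iterations) {
    uint8_t buf[16] = {0};
    int findings = 0;
    srand(seed);
    for (int i = 0; i < iterations; i++) {
        size_t size = (size_t)(rand() % 17);
        for (size_t j = 0; j < size; j++) buf[j] = (uint8_t)(rand() & 0xff);
        findings += violates_bounds(parse, buf, size);
    }
    return findings;
}

int main(void) {
    printf("unchecked: %d findings, checked: %d findings\n",
           fuzz(payload_len_unchecked, 1, 10000), fuzz(payload_len_checked, 1, 10000));
    return 0;
}
```

In a real fuzzing build the engine and a sanitizer replace the `fuzz` driver and the explicit invariant; the target function keeps the same shape.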

ClusterFuzzLite works alongside OSS-Fuzz, a program developed by Google to provide continuous fuzzing for select core open-source software projects. Since the release of OSS-Fuzz in 2016, it has led to the detection and repair of more than 6,500 vulnerabilities and 21,000 functional bugs across more than 500 critical open-source projects.

Google said large projects such as systemd, the user process management service on the Linux operating system, and curl, a command-line tool and library for transferring data, are already using ClusterFuzzLite during code review.


“When the human reviewers nod and have approved the code and your static code analyzers and linters can’t detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness,” said Daniel Stenberg, author of curl. “OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit.”

ClusterFuzzLite makes it simpler to integrate fuzzing into any project workflow and makes fuzz testing an essential standard during commits. With only a few lines of code, GitHub users can add it to their workflow and fuzz pull requests to catch bugs before code is committed. Equally important, it’s easy to set up for closed-source projects as well.

By adding fuzzing during the integration process, bugs in the code can be caught before new code is added to the main codebase. The solution currently supports GitHub Actions, Google Cloud Build and Prow. It was built with continuous integration system extensibility in mind, and the team made it so that adding support for other CI systems is straightforward.

Further information is available on the ClusterFuzzLite documentation page.

