ClusterFuzz, which offers scalable fuzzing infrastructure that finds security and stability issues in software, used by Google for the fuzzing of Chrome Browser, and serves as the backend for OSS-Fuzz is now open source.
It has helped to unravel over 16,000 bugs in Chrome and more than 11,000 bugs in other 160 open source projects integrated into OSS-Fuzz.
While the term fuzzing implies the method for detecting bugs in software by feeding unexpected inputs to target program, which is very effective at finding memory corruption issues that's often the cause of some serious security problems.
Especially applicable in software projects written in C or C++, fuzzing is crucial in ensuring their security and stability as these languages are mostly unsafe.
Albeit, these issues can be manually sorted out, but it's difficult and rather time consuming, as bugs can often slip through even a rigorous code review, ClusterFuzz offers effective, continuous debugging at scale and fully integrated into the development process of a software project.
ClusterFuzz is able to detect bugs in software within hours after they are live and verify a fix within days.
Google had earlier offered ClusterFuzz as a free service to the open source projects via OSS-Fuzz. Now, the company has fully open sourced ClusterFuzz, making it available for anyone to use via GitHub, with instructions provided for guidance.