While Project OneFuzz is the testing framework used in-house by Microsoft for Edge browser and Windows debugging, and now made available as an open-source tool via GitHub for all developers to use.
According to Microsoft, fuzz testing is effective for improving code quality, which is a perfect standard for finding and removing exploitable security vulnerabilities, and increasing the security and reliability of native code.
What the release of Project OneFuzz as open-source means to developers?
Microsoft’s aim of releasing of Project OneFuzz as open-source is to enable developers to easily and continuously fuzz test their code before its final release, and the global release of Project OneFuzz is intended to help secure the platforms and tools that we all depends to carry out our daily digital tasks.
Already, Project OneFuzz has enabled continuous developer-driven fuzzing of Windows which allowed Microsoft to proactively secure the platform prior to shipment of the latest OS builds. It will allow developers to create unit test binaries with modern fuzzing lab which is compiled in a highly reliable test invocation, and detect errors with a single executable.
And developers can be able to launch fuzz jobs ranging in size from a few virtual machines to thousands of cores, with such enablements as: on-demand live-debugging of found crashes, programmatic triage and result deduplication, with crash reporting notification callbacks.
How to get Started with Project OneFuzz
Project OneFuzz is now available on GitHub under an MIT license for developers to try out! And it will be updated by contributions from both Microsoft Research and Security Groups, with input from other partner teams to expand fuzzing coverage and continuously improve the security of all platforms and products.
And Microsoft will continue to maintain Project OneFuzz by releasing updates to the open-source community as they occur.