"Google Offers Free Access to Fuzzing Framework"

Fuzzing can be an effective tool for identifying zero-day vulnerabilities in software. Therefore, Google has announced that its fuzzing framework, OSS-Fuzz, will now be available for free in order to encourage developers and researchers to use it. Google says that using the framework to automate the manual aspects of fuzz testing with the help of Large Language Models (LLMs) can result in significant security improvements. So far, OSS-Fuzz's expanded fuzzing coverage provided by LLM-generated improvements has led to the discovery of two new vulnerabilities in cJSON and libplist, even though these projects had already been fuzzed for years. Google added that these two vulnerabilities could have remained undiscovered and unfixed without the completely LLM-generated code. This article continues to discuss Google's OSS-Fuzz framework. 

CSO Online reports "Google Offers Free Access to Fuzzing Framework"

Submitted by grigby1