"CI Fuzz CLI: Open-Source Tool Simplifies Fuzz Testing for C++"

Fuzz testing helps developers protect their applications from memory corruptions, crashes, and other security issues such as Denial-of-Service (DoS) and uncaught exceptions. CI Fuzz CLI, a new security tool from Code Intelligence, allows developers to run coverage-guided fuzz tests directly from the command line to find and fix vulnerabilities at scale. Fuzz testing is becoming increasingly popular in the open-source community. Google's Open-Source-Security (OSS) team recently reported that fuzz testing detected over 40,500 bugs in 650 open-source projects. However, most developers outside of the open-source and security communities are unfamiliar with fuzz testing. According to a recent study of Go developers, less than 12 percent of all participants use fuzz testing at work, citing a lack of understanding along with implementation challenges as the main reasons for low adoption. The new open-source tool from Code Intelligence aims to address these issues by making fuzz testing accessible to all developers. The CI Fuzz CLI enables developers to run a fuzz test with just three commands. It can be integrated into common build systems, Integrated Development Environments (IDEs), and Continuous Integration/Continuous (CI/CD) delivery tools. The first release includes C/C++ and CMake language support. JVM-based programming languages, Golang, and JavaScript will soon be supported. This article continues to discuss Code Intelligence's open-sourced CI Fuzz CLI security tool. 

Help Net Security reports "CI Fuzz CLI: Open-Source Tool Simplifies Fuzz Testing for C++"