"Google Shells Out $600,000 for OSS-Fuzz Project Integrations"

Google recently announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz.  Launched in 2016, OSS-Fuzz is intended to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure.  Six months after the launch, Google announced that it was offering rewards between $1,000 and $20,000 for integrating projects into OSS-Fuzz, and now says that it has paid over $600,000 to more than 65 different contributors as part of the program.  The company has now increased the highest reward available for new project integration to $30,000, which can be awarded depending on "the criticality of the project." The Fuzz Introspector tool analyzes functions, static call graphs, and runtime coverage information to provide insights into fuzzing coverage blockers.  Google noted that the Fuzz Introspector tool provides these insights by identifying complex code blocks that are blocked during fuzzing at runtime, as well as suggesting new fuzz targets that can be added.  By increasing payouts and expanding the OSS-Fuzz rewards program, Google seeks to strengthen OSS-Fuzz to find more vulnerabilities before they are exploited.

SecurityWeek reports: "Google Shells Out $600,000 for OSS-Fuzz Project Integrations"