Cluster Fuzz: Google unveils tools for fuzzing in the cloud - Golem.de - Golem.de

Fuzzing automatically searches for errors in software by using this software with more or less random input data. This allows safety-critical gaps to be discovered. This was also evident in the OpenSSL gap Heartbleed, which could be found again by fuzzing. Because fuzzing sometimes requires a lot of resources, Google has outsourced it to its cloud and developed cluster fuzz that is now available as open-source software.

job market

  1. BWI GmbH, Nuremberg
  2. CG Car Guarantee Insurance AG, Freiburg

The idea of ​​cluster fuzz is to continuously fuzzing and integrate into the development process. Google itself has created cluster puzzles for these purposes for the Chromium project and has been using it for years. The offered infrastructure in the Google cloud runs on more than 25,000 CPU cores.

In addition to Chromium, the OSS Fuzz project offers more than two years ago testing of key open source projects. Again, cluster fuzz is used. This enormous processing power is in many cases not really necessary, because fuzzing can sometimes find errors within a few minutes. This of course does not apply to major projects such as Chromium.

Cluster fuzz code is available on Github under the Apache 2 license. But the code is still closely linked to many other Google tools, so that for a productive use on Google's Cloud Platform must be used. In addition, only Monorail is currently supported as a bug tracker because Chromium is using it. Thanks to the unveiling of the code Clusterfuzz could well be ported to other tools and software interfaces.

Leave a comment

Send a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.