Google open sources ClusterFuzz

Releases fuzzing tool as open source

Google has open sourced its software testing tool ClusterFuzz.

The fuzzing software is designed to automatically feed unexpected inputs to an application in order to unearth bugs.

Google originally wrote ClusterFuzz to test for bugs in its Chrome web browser, throwing 25,000 cores at the task. In 2012, Google said that ClusterFuzz was running around 50 million test cases a day on Chrome. So far it’s helped find some 16,000 bugs in the web browser.

In October 2016 Google launched OSS-Fuzz: A free ClusterFuzz service for open source projects. OSS-Fuzz has discovered around 11,000 bugs in more than 160 open source projects.

Last week Google announced it had released ClusterFuzz itself as open source, with source code available from GitHub. (The system is written in Python and Go.)

“We developed ClusterFuzz over eight years to fit seamlessly into developer workflows, and to make it dead simple to find bugs and get them fixed,” a post on Google’s security blog said.

“ClusterFuzz provides end-to-end automation, from bug detection, to triage (accurate deduplication, bisection), to bug reporting, and finally to automatic closure of bug reports.”

ClusterFuzz has been released under version 2.0 of the Apache License.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags open sourceVulnerabilitiesGoogleGoogle Cloud Platform

More about ApacheGoogle

Show Comments