
Google provides complimentary access to fuzzing framework


Google announced on Wednesday that it is offering free access to its fuzzing framework, OSS-Fuzz, in an effort to encourage its use by developers and researchers. This framework utilizes large language models (LLMs) to automate the manual aspects of fuzz testing and is aimed at uncovering zero-day vulnerabilities in software.

In the company’s security blog post, Google’s open-source security team members Dongge Liu and Oliver Chang, along with machine language security team members Jan Nowakowski and Jan Keller, highlighted the tangible security improvements that can be attained by using OSS-Fuzz and LLMs. They noted that the use of LLMs to write project-specific code has significantly boosted fuzzing coverage and led to the discovery of two new vulnerabilities in widely used projects, cJSON and libplist.

Despite the fact that both of these projects had already undergone fuzzing for years, the use of LLM-generated code uncovered vulnerabilities that could have otherwise gone unnoticed. This underscores the value of investing in advanced fuzzing techniques for uncovering vulnerabilities that may have remained undiscovered and unfixed indefinitely.

John McShane, senior security product manager at the Synopsys Software Integrity Group, emphasized the growing popularity of fuzzing in uncovering unknown or zero-day vulnerabilities, citing the discovery of the infamous Heartbleed vulnerability using a commercial fuzzing product.

Gisela Hinojosa, head of cybersecurity services at Cobalt Labs, emphasized the automated nature of fuzzing tests and their effectiveness in uncovering both low-hanging fruit and high-impact vulnerabilities such as buffer overflows. The hands-off nature of fuzzing makes it a relatively easy way to detect vulnerabilities without the need for constant oversight.

However, Shane Miller, an advisor to the Rust Foundation and a senior fellow at the Atlantic Council, cautioned that investment in dynamic testing tools like fuzzing should not be seen as a substitute for secure-by-design tactics. While fuzzing is a powerful tool for improving software security, Miller stressed the importance of choosing memory-safe programming languages as part of a comprehensive approach to developing secure software.

Overall, Google’s move to offer free access to its fuzzing framework, OSS-Fuzz, reflects the growing importance of advanced techniques such as LLM-enhanced fuzzing in uncovering vulnerabilities in software. As the threat landscape continues to evolve, embracing innovative approaches to security testing will be essential in mitigating the risks associated with software vulnerabilities.
