Network Security, Vulnerability Management

OSS-Fuzz uncovered more 1K bugs, 264 could be security vulnerabities

In the five months since Google launched its OSS-Fuzz program, the initiative has uncovered more than 1,000 bugs, 264 of which could potentially be security flaws, the company said Tuesday.

Google found 33 vulnerabilities in LibreOffice, 10 in FreeType2, 17 in FFmpeg, 25 in PCRE2 and another 10 in GnuTLS as well as seven in Wireshark and nine in gRPC.

“We've also had at least one bug collision with another independent security researcher,” according to a Google security blog, which said that the company's robot army processed 10 trillion test inputs daily.

Google also announced that its Patch Rewards program going forward would “include rewards for the integration of fuzz targets into OSS-Fuzz.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.