OSS-Fuzz - Google's continuous fuzzing service for open source software

Kostya Serebryany, Google

Abstract: 

The goal of OSS-Fuzz is to make common software infrastructure more secure by applying modern fuzzing techniques at large scale. Since the launch in Dec’16, our service has attracted over 50 popular OSS projects (from OpenSSL to LibreOffice) and automatically reported 1000+ bugs (including 200+ potential security vulnerabilities). In this talk, you will learn why we started this free service (hello, Heartbleed!), how it works, what kinds of bugs it detects, how to participate, and even how to get rewarded. The talk will include a ~20 minute live demo of libFuzzer - one of the fuzzing engines used by OSS-Fuzz.

Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and an M.S. from msu.ru.

BibTeX
@conference {203944,
author = {Kostya Serebryany},
title = {{OSS-Fuzz} - Google{\textquoteright}s continuous fuzzing service for open source software},
year = {2017},
address = {Vancouver, BC},
publisher = {USENIX Association},
month = aug
}
