Google revealed today that OSS-Fuzz, the company’s automated fuzzing service/bot, has identified and reported over 9,000 vulnerabilities in widely used open source projects in the past two years.
OSS-Fuzz was launched in December 2016 and is an automated tool developed by Google that can find vulnerabilities in applications via a technique called fuzzing.
A fuzzer (fuzzing tool) and the technique of fuzzing works by feeding a software application with large quantities of random data and analyzing its output for abnormalities and crashes — which, in turn, give developers a hint about the presence of possible bugs in the app’s code.