Taking the next step: OSS-Fuzz in 2023
Since launching in 2016, Google's free OSS-Fuzz code testing service has helped get over 8,800 vulnerabilities and 28,000 bugs fixed across 850 projects. Today, we’re happy to announce an expansion of our OSS-Fuzz Rewards Program, plus new features in OSS-Fuzz and our involvement in supporting academic fuzzing research.
Refreshed OSS-Fuzz rewards

The OSS-Fuzz project's purpose is to support the open source community in adopting fuzz testing, or fuzzing: an automated code testing technique that feeds generated and mutated inputs to software to uncover bugs. In addition to the OSS-Fuzz service, which provides a free platform for continuous fuzzing to critical open source projects, we established an OSS-Fuzz Reward Program in 2017 as part of our wider Patch Rewards Program.
We’ve operated this successfully for the past 5 years, and to date, the OSS-Fuzz Reward Program has awarded over $600,000 to over 65 different contributors for their help integrating new projects into OSS-Fuzz.
Today, we’re excited to announce that we’ve expanded the scope of the OSS-Fuzz Reward Program considerably, introducing many new types of rewards!
These new reward types cover contributions such as:
- Project fuzzing coverage increases
- Notable FuzzBench fuzzer integrations
- Integrating a new sanitizer that finds two new vulnerabilities
These changes boost the total rewards possible per project integration from a maximum of $20,000 to $30,000 (depending on the criticality of the project). In addition, we’ve also established two new reward categories that reward wider improvements across all OSS-Fuzz projects, with up to $11,337 available per category.
For more details, see the fully updated rules for our dedicated OSS-Fuzz Reward Program.
OSS-Fuzz improvements

We’ve continuously made improvements to OSS-Fuzz’s infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest. Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.

FuzzIntrospector support

Last year, we launched the OpenSSF FuzzIntrospector tool and integrated it into OSS-Fuzz.
We’ve continued to build on this by adding new language support and better analysis, and now C/C++, Python, and Java projects integrated into OSS-Fuzz have detailed insights on how the coverage and fuzzing effectiveness for a project can be improved.
The FuzzIntrospector tool provides these insights by identifying complex code blocks that the fuzzer never reaches at runtime (typically because a check earlier on the path, such as a magic number or checksum, rejects almost every generated input), as well as suggesting new fuzz targets that can be added. We’ve seen users successfully use this tool to improve the coverage of jsonnet, file, xpdf and bzip2, among others.
Anyone can use this tool to increase the coverage of a project and in turn be rewarded as part of the refreshed OSS-Fuzz rewards. See the full list of all OSS-Fuzz FuzzIntrospector reports to get started.
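The kind of blocked code block FuzzIntrospector flags, and the usual way a harness author removes it, as an added example in C++ (this is not OSS-Fuzz, FuzzIntrospector or Google code; the record format, its XOR checksum, and the function names are constructed for illustration). The parser checks a 4-byte magic and a checksum before its record loop; a target that feeds the fuzzer's bytes straight in almost never gets past those checks, so the loop is unreachable in practice. The second target treats the fuzzer's bytes as the payload and frames them itself, so every execution reaches the loop.

```cpp
// Added example (not OSS-Fuzz or project code): a libFuzzer-style target for a
// constructed toy record format, showing a coverage blocker and how to remove it.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

namespace toyfmt {

// Constructed format: 4-byte magic "FZ01", 1-byte checksum (XOR of payload),
// then payload = sequence of records: [u8 len][len bytes].
constexpr uint8_t kMagic[4] = {'F', 'Z', '0', '1'};

uint8_t Checksum(const uint8_t* p, size_t n) {
  uint8_t c = 0;
  for (size_t i = 0; i < n; ++i) c ^= p[i];
  return c;
}

// How far the parser got. If a fuzzer only ever produces kStageMagic or
// kStageChecksum, the record loop below is a blocked code block.
enum Stage { kStageMagic = 0, kStageChecksum = 1, kStageRecords = 2 };

// Returns the stage reached; appends the length of each parsed record.
Stage ParseRecords(const uint8_t* data, size_t size, std::vector<size_t>* records) {
  if (size < 5 || memcmp(data, kMagic, 4) != 0) return kStageMagic;
  const uint8_t* payload = data + 5;
  size_t payload_len = size - 5;
  if (data[4] != Checksum(payload, payload_len)) return kStageChecksum;
  size_t pos = 0;
  while (pos < payload_len) {
    size_t len = payload[pos++];
    if (len > payload_len - pos) break;  // truncated record: stop, stay in bounds
    records->push_back(len);
    pos += len;
  }
  return kStageRecords;
}

// Wrap a payload in a valid header, which is what the unblocked harness does.
std::vector<uint8_t> Frame(const uint8_t* payload, size_t n) {
  std::vector<uint8_t> msg(kMagic, kMagic + 4);
  msg.push_back(Checksum(payload, n));
  msg.insert(msg.end(), payload, payload + n);
  return msg;
}

}  // namespace toyfmt

// Naive target: raw fuzzer bytes go straight in. A mutation-based fuzzer has to
// hit the magic and the checksum at the same time, so coverage stalls early.
toyfmt::Stage FuzzTargetBlocked(const uint8_t* data, size_t size) {
  std::vector<size_t> recs;
  return toyfmt::ParseRecords(data, size, &recs);
}

// Unblocked target: fuzzer bytes are the payload; the harness supplies the
// header, so every input exercises the record loop.
toyfmt::Stage FuzzTargetUnblocked(const uint8_t* data, size_t size) {
  std::vector<uint8_t> msg = toyfmt::Frame(data, size);
  std::vector<size_t> recs;
  return toyfmt::ParseRecords(msg.data(), msg.size(), &recs);
}

// libFuzzer entry point, the signature OSS-Fuzz C/C++ projects build against.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzTargetUnblocked(data, size);
  return 0;
}

// Stand-alone driver (no libFuzzer needed) with one constructed input.
int main() {
  const uint8_t junk[] = {0x13, 0x37, 0x42, 0x99, 0x00, 0x01};
  toyfmt::Stage a = FuzzTargetBlocked(junk, sizeof(junk));    // kStageMagic
  toyfmt::Stage b = FuzzTargetUnblocked(junk, sizeof(junk));  // kStageRecords
  return (a == toyfmt::kStageMagic && b == toyfmt::kStageRecords) ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind: framing the input inside the harness means the magic and checksum checks themselves are no longer under test, so a bug in that header code needs its own target (or a dictionary entry for the magic and a corpus seed with a valid header); and the coverage report, not intuition, should decide which checks are actually blocking, which is what the FuzzIntrospector reports above are for.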
Fuzzing research and competition

The OSS-Fuzz team maintains FuzzBench, a service that enables security researchers in academia to test fuzzing improvements against real-world open source projects. Approaching its third anniversary of providing free benchmarking, FuzzBench is cited by over 100 papers and has been used as a platform for academic fuzzing workshops such as NDSS’22.

This year, FuzzBench has been invited to participate in the SBFT'23 workshop at ICSE, a premier research conference in the field, which for the first time is hosting a fuzzing competition. During this competition, the FuzzBench platform will be used to evaluate state-of-the-art fuzzers submitted by researchers from around the globe on both code coverage and bug-finding metrics.
Get involved!

We believe these initiatives will help scale security testing efforts across the broader open source ecosystem. We hope to accelerate the integration of critical open source projects into OSS-Fuzz by providing stronger incentives to security researchers and open source maintainers. Combined with our involvement in fuzzing research, these efforts are making OSS-Fuzz an even more powerful tool, enabling users to find more bugs, and, more critically, find them before the bad guys do!