Nand Kishor Contributor

Nand Kishor is the Product Manager of House of Bots. After finishing his studies in computer science, he ideated & re-launched Real Estate Business Intelligence Tool, where he created one of the leading Business Intelligence Tool for property price analysis in 2012. He also writes, research and sharing knowledge about Artificial Intelligence (AI), Machine Learning (ML), Data Science, Big Data, Python Language etc... ...

Follow on

Nand Kishor is the Product Manager of House of Bots. After finishing his studies in computer science, he ideated & re-launched Real Estate Business Intelligence Tool, where he created one of the leading Business Intelligence Tool for property price analysis in 2012. He also writes, research and sharing knowledge about Artificial Intelligence (AI), Machine Learning (ML), Data Science, Big Data, Python Language etc...

Industy seeks clear Artifical Intelligence policy: Ravi Shankar Prasad
today

Microsoft's Latest AI Creation Reveals Just How Much Computers Can Imagine
yesterday

10 Artificial Intelligence Trends to Watch in 2018
yesterday

Google CEO Sundar Pichai compares impact of AI to electricity and fire
yesterday

Bowling For AI: Booz Allen Hamilton And Kaggle Launch Data Science Bowl 2018
2 days ago

Top 10 Hot Artificial Intelligence (AI) Technologies
109011 views

Google announces scholarship program to train 1.3 lakh Indian developers in emerging technologies
43932 views

Want to be a millionaire before you turn 25? Study artificial intelligence or machine learning
43305 views

The Top 10 Artifical Intelligence (AI) And Machine Learning Use Cases Everyone Should Know About
24576 views

Google offers online course in jobs push amid concerns about AI
22344 views

Google's Fuzz bot exposes over 1,000 open-source bugs

May 10, 2017 | 1167 Views

Google's OSS-Fuzz bug-hunting robot has been hard at work, and in recent months, over 1,000 bugs have been exposed.

According to Chrome Security engineers Oliver Chang and Abhishek Arya, software engineer Kostya Serebryany, and Google Security program manager Josh Armour, the OSS-Fuzz bot has been scouring the web over the past five months in the pursuit of security vulnerabilities which can be exploited.

The OSS-Fuzz bot uses a technique called fuzzing to find bugs. Fuzzing is an automatic method of using large amounts of random data against a system or software in an attempt to make it crash. By doing so, fuzzing can ferret out bugs and potential vulnerabilities quickly without the process being labor-intensive for security professionals.

The process itself is well-established, and with the introduction of OSS-Fuzz to the community at large this year, over 10 trillion test inputs are being processed every day. Together with the open-source community, over 1,000 bugs have been discovered across 47 projects, of which 264 are potential security vulnerabilities.

The bugs and potential security issues uncovered include heap buffer overflow problems, use-after-free vulnerabilities, stack overflows, and data leaks. However, fuzzing does not just focus on memory-related problems but also records correctness or logic bugs.

Notably, OSS-Fuzz has found numerous security vulnerabilities in high-profile projects which provide support and components to well-known consumer software. In total, 10 bugs were discovered in FreeType2, 17 in FFmpeg, 33 in LibreOffice, 8 in SQLite 3, 10 in GnuTLS, 25 in PCRE2, 9 in gRPC, and 7 in Wireshark. (Some discoveries have collided with other researchers' work and some are view-restricted.)

"Once a project is integrated into OSS-Fuzz, the continuous and automated nature of OSS-Fuzz means that we often catch these issues just hours after the regression is introduced into the upstream repository, so that the chances of users being affected is reduced," Google says.

Google believes that as a security tool, fuzzing should be adopted in the mainstream. To this end, the tech giant is expanding the Patch Rewards program to include rewards for IT professionals who utilize the bot.

To qualify, projects much have a large user base or global IT infrastructure. When OSS-Fuzz is first introduced a reward of $1,000 is given, and for what Google considers "ideal integration," up to $20,000 is up for grabs. Should vendors and staff choose to donate their reward to charity, this amount is doubled.

Interested parties can contact Google to apply.

"We'd like to thank the existing contributors who integrated their projects and fixed countless bugs," the Google team says. "We hope to see more projects integrated into OSS-Fuzz, and greater adoption of fuzzing as standard practice when developing software." Read More

Source: ZDnet
Nand Kishor Contributor

Nand Kishor is the Product Manager of House of Bots. After finishing his studies in computer science, he ideated & re-launched Real Estate Business Intelligence Tool, where he created one of the leading Business Intelligence Tool for property price analysis in 2012. He also writes, research and sharing knowledge about Artificial Intelligence (AI), Machine Learning (ML), Data Science, Big Data, Python Language etc... ...

Full Bio 
Follow on

Nand Kishor is the Product Manager of House of Bots. After finishing his studies in computer science, he ideated & re-launched Real Estate Business Intelligence Tool, where he created one of the leading Business Intelligence Tool for property price analysis in 2012. He also writes, research and sharing knowledge about Artificial Intelligence (AI), Machine Learning (ML), Data Science, Big Data, Python Language etc...

Industy seeks clear Artifical Intelligence policy: Ravi Shankar Prasad
today

Microsoft's Latest AI Creation Reveals Just How Much Computers Can Imagine
yesterday

10 Artificial Intelligence Trends to Watch in 2018
yesterday

Google CEO Sundar Pichai compares impact of AI to electricity and fire
yesterday

Bowling For AI: Booz Allen Hamilton And Kaggle Launch Data Science Bowl 2018
2 days ago

Top 10 Hot Artificial Intelligence (AI) Technologies
109011 views

Google announces scholarship program to train 1.3 lakh Indian developers in emerging technologies
43932 views

Want to be a millionaire before you turn 25? Study artificial intelligence or machine learning
43305 views

The Top 10 Artifical Intelligence (AI) And Machine Learning Use Cases Everyone Should Know About
24576 views

Google offers online course in jobs push amid concerns about AI
22344 views