diff options
author | kplybon <53794715+kplybon@users.noreply.github.com> | 2019-08-08 10:12:25 -0400 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2019-08-08 07:12:25 -0700 |
commit | 8216f278e4f9c602299266177a92d22650a7035e (patch) | |
tree | e8e2aa335d43da6e7048796e0ad32fd421e42b3e /README.md | |
parent | e8ca6e151449a4561d6169bcf2043a2a5932ac06 (diff) |
Docs: Edit OSS-Fuzz landing page. (#2667)
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 32 |
1 files changed, 15 insertions, 17 deletions
@@ -1,30 +1,28 @@ -# OSS-Fuzz - Continuous Fuzzing for Open Source Software - -## Introduction +# OSS-Fuzz: Continuous Fuzzing for Open Source Software [Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known -technique for uncovering various kinds of programming errors in software. -Many of these detectable errors (e.g. [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow)) can have serious security implications. - -We successfully deployed +technique for uncovering programming errors in software. +Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html) -and found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community. +and, and we now want to share that service with the open source community. In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), OSS-Fuzz aims to make common open source software more secure and stable by -combining modern fuzzing techniques and scalable +combining modern fuzzing techniques with scalable, distributed execution. -We support [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) as fuzzing engines -in combination with [Sanitizers](https://github.com/google/sanitizers). -[ClusterFuzz](https://google.github.io/oss-fuzz/furthur-reading/clusterfuzz) -provides a distributed fuzzer execution environment and reporting. You can -checkout ClusterFuzz [here](https://github.com/google/clusterfuzz). +We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines +in combination with [Sanitizers](https://github.com/google/sanitizers), as well as +[ClusterFuzz](https://github.com/google/clusterfuzz), +a distributed fuzzer execution environment and reporting tool. + +Currently, OSS-Fuzz supports C and C++ code, though other languages supported by [LLVM](http://llvm.org) may work too. -Currently OSS-Fuzz supports C and C++ code (other languages supported by [LLVM](http://llvm.org) may work too). +## Overview +![OSS-Fuzz process diagram](docs/images/process.png) -## Documentation -You can find detailed documentation [here](https://google.github.io/oss-fuzz). +##Documentation +Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz. ## Trophies As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source |