Google has launched a new continuous fuzzing solution ClusterFuzzLite which will benefit developers to find and mitigate security flaws as well as bugs sooner in their applications.
Fuzzing in IT parlance refers to a job that can run infinitely. The algorithm generates multiple test cases that cover different paths, monitors for crashes and deals with other memory related problems.
In terms of network fuzzing, fuzz testing is used as a quality assurance technique to discover coding errors, loopholes in security in software, networks or operating systems. The data fed into the system is called fuzz, and is fed in large amounts to attempt to make it crash.
Google’s new fuzzing solution will run as part of the continuous interaction/continuous delivery (CI/CD) workflow products to find vulnerabilities faster.
The tool stems from an open-sourced scalable fuzzing architecture previously released by Google called as the ClusterFuzz.
California-based company The Mountain View integrates into existing workflows to improve chance of vulnerabilities to be found earlier in the lifecycle before the changes are committed.
ClusterFuzzLite will share similar features of ClusterFuzz including the likes of coverage report creation and continuous fuzzing, the difference being that the Lite version will be easy to setup with closed source projects, making it easier for developers to quickly fuzz software.
Currently ClusterFuzzLite will support the source codes from the likes of GitHub Actions, Google Cloud Build and Prow.
“ClusterFuzzLite, is a critical must-have step that everyone can use continuously on every software project. By finding and preventing bugs before they enter the codebase we can build a more secure software ecosystem,” Google said in a blog post