Login

Opportunity Open Source Conference 3.0

Sep 5 – 7, 2025
Asia/Kolkata timezone

Fuzzing Go and Python Projects in OSS-Fuzz: The OpenPrinting Case Study

Sep 6, 2025, 12:55 PM
40m
Room 1: Plenary

Room 1: Plenary
Talk (40 min) Security

Speaker

Mohammed Imaduddin

Description

As printers and their drivers increasingly become network-aware and cloud-integrated, the need for robust security in printing software has never been more critical. Bugs in such infrastructure components, especially memory corruption or input handling vulnerabilities, can be exploited in real-world attack vectors. Fuzzing, a dynamic testing technique, has proven effective in uncovering such vulnerabilities, as demonstrated by notorious bugs like Heartbleed.

This talk shares hands-on insights from Google Summer of Code 2025, where I contributed to integrating fuzz testing into the OpenPrinting ecosystem. The project aimed to improve the security posture of key open source components: goipp, ipp-usb, pycups, and pyppd, by leveraging Google's OSS-Fuzz platform. These components implement IPP (Internet Printing Protocol) and manage interactions between Linux systems and USB or network printers.

In this session, I will walk through:

  • How we identified fuzzing targets across Go and Python codebases
  • The challenges of fuzzing polyglot systems and working with legacy or hardware-dependent code
  • How OSS-Fuzz's architecture supports continuous security testing
  • Examples of vulnerabilities and crashes caught through fuzzing
  • Lessons learned, including tips for improving code coverage and triaging fuzzing results

This talk is designed for both open source maintainers and students interested in software testing. You'll leave with practical strategies for adopting fuzzing tools, improving code quality, and securing real-world systems through continuous testing. Whether you're just getting started or looking to harden your project against subtle bugs, this session will help you build safer and more resilient software.

Session author's bio

Mohammed Imaduddin is a final-year Computer Science undergraduate and an open source contributor under the Google Summer of Code 2025 program. His work with OpenPrinting focuses on integrating fuzz testing into widely-used printing software written in Go and Python.

Please confirm that there are included headshots of all speakers in their profiles Yes
Agree to Privacy Policy and Notice I agree
In Person Attendance In-person
Level of Difficulty Intermediate

Presentation materials

mohammed-immaduddin-talk-fuzzing-go-python-openprinting.pdf
mohammed-immaduddin-talk-fuzzing-go-python-openprinting.pptx

© 2024 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.