Speakers
Description
“12,000 bugs in open-source software written mostly in memory-unsafe languages.”
This is a line that will capture the attention of an application security engineer. While one might question the validity of this information, it is indeed the truth. This is the number of bugs discovered by OSS-Fuzz, a service provided by Google to fuzz critical open-source projects.
Join our dynamic and hands-on workshop to learn how to integrate your open-source projects with OSS-Fuzz. By the end, you’ll be equipped to:
- Understand what fuzzing is and how OSS-Fuzz works.
- Run fuzzers locally on their development hosts.
- Write fuzzing harnesses.
- Investigate crashes to find their root cause.
- Write and submit patches for the vulnerable code.
The workshop features real-world success stories from the Linux printing backbone, OpenPrinting, highlighting its seamless integration with OSS-Fuzz thanks to a Google Summer of Code contributor.
Intrigued? Join us to help increase the number of bugs detected by OSS-Fuzz by participating in the workshop and starting to fuzz your projects!
Session author's bio
Dongge Liu serves as a software engineer on Google’s Open Source Security Team (GOSST), leading OSS-Fuzz-Gen to use Large Language for automated fuzz target generation and vulnerability detection. He also contributes to FuzzBench, benchmarking fuzzing tools, and holds a PhD in applying machine learning to improve software testing methods.
Andrei is a security engineer working on hardening Snapchat, open source contributor, Google Summer of Code mentor, and startup advisor on cybersecurity matters.
Jiongchi Yu is a Ph.D. candidate in Computer Science at Singapore Management University. His research focuses on traditional software testing and security issues of container cloud systems.
Level of Difficulty | Intermediate |
---|