25–27 Oct 2024
The Hague, Netherlands
Europe/Amsterdam timezone

Fuzzing in the open: Integrate your project in OSS-Fuzz for continuous fuzzing

26 Oct 2024, 11:30
1h 30m
Princess Ariane - Workshop Room (World Forum The Hague)

Workshop (90 Minutes) Security

Speakers

Dongge Liu
George-Andrei Iosif
Snap Inc.
Jiongchi Yu
Singapore Management University

Description

12,000 bugs in open-source software written mostly in memory-unsafe languages.

This is a line that will capture the attention of an application security engineer. While one might question the validity of this information, it is indeed the truth. This is the number of bugs discovered by OSS-Fuzz, a service provided by Google to fuzz critical open-source projects.

Join our dynamic and hands-on workshop to learn how to integrate your open-source projects with OSS-Fuzz. By the end, you’ll be equipped to:

  1. Understand what fuzzing is and how OSS-Fuzz works.
  2. Run fuzzers locally on your development hosts.
  3. Write fuzzing harnesses.
  4. Investigate crashes to find their root cause.
  5. Write and submit patches for the vulnerable code.

The workshop features real-world success stories from the Linux printing backbone, OpenPrinting, highlighting its seamless integration with OSS-Fuzz thanks to a Google Summer of Code contributor.

Intrigued? Join us to help increase the number of bugs detected by OSS-Fuzz by participating in the workshop and starting to fuzz your projects!

Session author's bio

Dongge Liu serves as a software engineer on Google’s Open Source Security Team (GOSST), leading OSS-Fuzz-Gen to use Large Language Models for automated fuzz target generation and vulnerability detection. He also contributes to FuzzBench, benchmarking fuzzing tools, and holds a PhD in applying machine learning to improve software testing methods.

Andrei is a security engineer working on hardening Snapchat, an open source contributor, a Google Summer of Code mentor, and a startup advisor on cybersecurity matters.

Jiongchi Yu is a Ph.D. candidate in Computer Science at Singapore Management University. His research focuses on traditional software testing and security issues of container cloud systems.

Level of Difficulty Intermediate
