Speaker
Description
Fuzzing is a popular and effective software testing method used to identify software bugs, such as the serious Heartbleed bug (CVE-2014-0160) in OpenSSL. In response to such software vulnerabilities, Google proposes OSS-Fuzz, which supports continuous fuzz testing for crucial open source software. However, developers who are unfamiliar with software testing and the OSS-Fuzz framework often face significant challenges when integrating their projects into the Google solution. Even after the initial integration, the implementation of the fuzzing approaches can vary significantly in different projects, leaving the developers wondering what they can do to improve the performance of existing fuzzing drivers and what they can learn from existing integration for more projects.
To bridge this gap, this talk will share insights from our experience in integrating OpenPrinting projects into OSS-Fuzz together with the Google OSS-Fuzz Team. Furthermore, we will present an accessible overview of the current academic and community developments in fuzzing technology.
This session aims to provide the audience with a practical paradigm for integrating fuzz testing into open source software, thereby enhancing both their understanding and practical skills in securing open source ecosystems by using fuzzing techniques.
Any other info we should know?
Thanks for organizing this event. I was fortunate to participate in the fuzzing integration project for OpenPrinting with mentors including Dr. Till Kamppeter, George-Andrei Iosif, and Dr. Dongge Liu. This project provided me with invaluable experiences and domain-specific knowledge, which motivates me to use this opportunity to inspire college students to engage with the open source community and to provide guidance to developers on integrating OSS-Fuzz to enhance security.
Session author's bio
Jiongchi Yu is a Ph.D. candidate in Computer Science at Singapore Management University. His research focuses on traditional software testing and security issues of container cloud systems.
George-Andrei Iosif is a security engineer working on hardening Snapchat, open source contributor, Google Summer of Code mentor, and startup advisor on cybersecurity matters.
Till is leader of OpenPrinting since it was founded in 2001, introduced the CUPS printing system in Mandrake Linux in 2000 working at MandrakeSoft and with this and a lot of evangelism (booths, talks, workshops) made the other distros also switch to CUPS, since 2006 printing maintainer at Canonical, co-organizing annual meetings with the Printer Working Group (PWG), since 2008 every year mentoring in Google Summer of Code, doing everything to make printing on Linux and alike operating systems "just work". With his OpenPrinting work Till has many years of experience with presenting on conferences and participating in their organization. Till is also fellow of the Linux Foundation.
Dr. Dongge Liu serves as a software engineer on the Google Open Source Security Team (GOSST), leading the OSS-Fuzz-Gen project. The project leverages Large Language Models (LLMs) to automate fuzz target generation and vulnerability detection, thus improving the security of open-source software. He also contributes to FuzzBench, a platform that statistically evaluates and benchmarks novel fuzzing tools against real world projects and vulnerabilities. Prior to joining Google, Dongge earned his PhD from the University of Melbourne, focusing on applying machine learning to enhance traditional software testing methods, including fuzzing and symbolic execution.
| In Person Attendance | Remote |
|---|---|
| Please confirm that there are included headshots of all speakers in their profiles | Yes |
| Level of Difficulty | Intermediate |
| Social Media | https://twitter.com/fish59344504 |
| Agree to Privacy Policy and Notice | I agree |