This week, Google announced an expansion of its OSS-Fuzz rewards program, which pays contributors for integrating projects into OSS-Fuzz. OSS-Fuzz was created in 2016 with the goal of making open source software more secure by identifying vulnerabilities through continuous fuzzing. Since its launch, Google has paid out over $600,000 to more than 65 different contributors, with rewards ranging from $1,000 to $20,000. Now, the highest reward available for new project integration has been increased to $30,000, depending on the project's criticality. Additionally, Google has released the Fuzz Introspector tool, which provides insights into fuzzing coverage blockers by analyzing functions, static call graphs, and runtime coverage information. By increasing payouts and expanding the OSS-Fuzz rewards program, Google hopes to make OSS-Fuzz even more effective at finding vulnerabilities before they can be exploited.
This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 12:18:02 +0000