Google has launched OSS-Fuzz, a new beta service that provides continuous testing for open source software, using fuzzing engines and sanitizers to look for security vulnerabilities. “Open source software is the backbone of the many apps, sites, services and networked things that make up ‘the internet’,” said Google. “It is important that the open source foundation be stable, secure and reliable, as cracks and weaknesses impact all who build on it.”
Currently the service is available only to large open source projects that Google considers to be critical infrastructure. The company says it has already found more than 150 bugs in widely used open source software.