Last December, Google launched a new project called OSS-Fuzz in an attempt to improve the security of open source software, particularly the software commonly used by enterprises. Now it has announced that the effort has uncovered 1,000 bugs, including 265 that are potential security vulnerabilities. That’s impressive considering that only 46 open source projects have started using OSS-Fuzz so far. Projects that have benefited from the effort include LibreOffice, Wireshark, FFmpeg and FreeType.
To encourage more participation, Google has launched a new incentive program for OSS-Fuzz. The incentives will be part of the company’s existing Patch Rewards program, and projects can get $1,000 just for integrating OSS-Fuzz into their testing procedures.