Loading…
September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Tuesday, September 13 • 17:10 - 17:50
Making Fuzzing Part of Your Software Development Lifecycle - Jonathan Metzman, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Fuzzing is a testing technique that uses randomized inputs to find bugs in software. Fuzzing is the most successful automated vulnetability/bug-finding technique and has recently experienced an enormous growth in popularity. In this talk we will share our experience helping thousands of developers incorporate fuzzing into their software development lifecycle. We will walk though tools and techniques used to secure hundreds of open source projects, including: - libFuzzer and AFL++: Coverage-guided fuzzers that can be used for fuzzing code where source is available and binaries where the source code is not available. - ClusterFuzz and ClusterFuzzLite: Continuous Integration infrastructure that runs your fuzzers to catch bugs in your software before they affect users. - OSS-Fuzz: free service that fuzzes critical open source projects such as Curl and OpenSSL. OSS-Fuzz has found 40,000 bugs (9,000 security) in more than 500 open source projects. - Syzkaller and Syzbot: Kernel fuzzing tool and infrastructure providing much of the same functionality described above for the Linux kernel. Viewers of this talk will walk away with the knowledge to start improving the security of their applications and dependencies with this essential testing technique.

Speakers
JM

Jonathan Metzman

Senior Software Engineer, Google
Jonathan Metzman is a software engineer at Google. Jonathan has worked on fuzzing for five years, first on Chromium's security team and now on Google's open source security team. Jonathan works on many open source fuzzing tools including OSS-Fuzz, a free service for open source projects... Read More →



Tuesday September 13, 2022 17:10 - 17:50 IST
Liffey B Part 2 (Level 1)