Google has open sourced its software testing tool ClusterFuzz.
The fuzzing software is designed to automatically feed unexpected inputs to an application in order to unearth bugs.
Google originally wrote ClusterFuzz to test for bugs in its Chrome web browser, throwing 25,000 cores at the task. In 2012, Google said that ClusterFuzz was running around 50 million test cases a day on Chrome. So far it’s helped find some 16,000 bugs in the web browser.
In October 2016 Google launched OSS-Fuzz: A free ClusterFuzz service for open source projects. OSS-Fuzz has discovered around 11,000 bugs in more than 160 open source projects.
Last week Google announced it had released ClusterFuzz itself as open source, with source code available from GitHub. (The system is written in Python and Go.)
“We developed ClusterFuzz over eight years to fit seamlessly into developer workflows, and to make it dead simple to find bugs and get them fixed,” a post on Google’s security blog said.
“ClusterFuzz provides end-to-end automation, from bug detection, to triage (accurate deduplication, bisection), to bug reporting, and finally to automatic closure of bug reports.”
ClusterFuzz has been released under version 2.0 of the Apache License.