Microsoft’s new Project OneFuzz framework: A breakthrough to find and fix bugs

    Microsoft’s OneFuzz

    Microsoft has introduced Project OneFuzz, an extensible fuzz testing framework for Azure. Earlier this year, the company announced that it would rebuild its existing software testing experience, known as Microsoft Security and Risk Detection, with an automated, open-source tool as the industry moved toward this model.

    Fuzz testing is an effective method for improving the security and reliability of native code. Microsoft said that it wants to enable developers to fuzz test their code easily and continuously prior to release. This global release of Project OneFuzz is intended to help harden the platforms and tools that power day-to-day work and personal lives, making an attacker’s job more difficult.

    Recent advances in the compiler world, open-sourced in LLVM and pioneered by Google, have changed the security engineering tasks involved in fuzz testing native code. What previously had to be attached, at great expense, can now be baked into continuous build systems through:

    • Input harnessing, once attached via custom I/O harnesses, can be baked in with libFuzzer’s LLVMFuzzerTestOneInput function prototype.
    • Crash detection, once attached via tools such as Electric Fence, can be baked in with ASan.
    • Coverage tracking, once attached via tools such as iDNA, DynamoRIO, and Pin, can be baked in with SanCov.
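
    A minimal harness of the kind the list above describes, added here as an example (not code from Microsoft or Project OneFuzz). The parse_tlv function and its record format are hypothetical stand-ins for the native code under test, and the build line assumes a clang toolchain with libFuzzer support.

```c
/* Build: clang -g -O1 -fsanitize=fuzzer,address tlv_fuzz.c -o tlv_fuzz
 * -fsanitize=fuzzer links libFuzzer and enables SanCov instrumentation;
 * address adds ASan crash detection. Run: ./tlv_fuzz corpus_dir/ */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_VALUE 64

/* Hypothetical code under test (constructed for this example).
 * Input is a sequence of records: [type:1][len:1][value:len].
 * Returns the record count, or -1 on malformed input; *sum receives
 * the byte sum of all values copied so far. */
int parse_tlv(const uint8_t *buf, size_t size, uint32_t *sum) {
    uint8_t value[MAX_VALUE];
    size_t off = 0;
    int count = 0;

    *sum = 0;
    while (off < size) {
        if (size - off < 2)              /* truncated header */
            return -1;
        uint8_t len = buf[off + 1];
        off += 2;
        /* Drop either check and the memcpy reads past buf or writes past
         * value: ASan aborts and libFuzzer saves the input as crash-*. */
        if (len > size - off || len > MAX_VALUE)
            return -1;
        memcpy(value, buf + off, len);
        for (size_t i = 0; i < len; i++)
            *sum += value[i];
        off += len;
        count++;
    }
    return count;
}

/* Entry point libFuzzer calls once per generated input. It must tolerate
 * arbitrary bytes, must not call exit(), and returns 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint32_t sum;
    parse_tlv(data, size, &sum);
    return 0;
}
```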

    According to Microsoft, Project OneFuzz has already enabled continuous developer-driven fuzzing of Windows. This has allowed the company to proactively harden the Windows platform prior to shipment of the latest OS builds. Developers can launch fuzz jobs with a single command line, ranging in size from a few VMs to thousands of cores.

    Project OneFuzz enables:

    • Built-in ensemble fuzzing: Fuzzers work as a team to share strengths, trading inputs of interest between fuzzing technologies.
    • Composable fuzzing workflows: Open source enables users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
    • Observable and debuggable: Transparent design allows introspection into every stage.
    • Programmatic triage and result deduplication: It delivers unique flaw cases that reproduce consistently.

    Project OneFuzz is available now on GitHub under an MIT license. Microsoft will continue to maintain and improve Project OneFuzz, delivering updates to the open-source community as they emerge.

    Share issues, statements, and acknowledgements with Microsoft:
