Researchers from Google’s OSS-Fuzz team have successfully used AI to identify 26 vulnerabilities in open-source projects.
These included a flaw that has existed for two decades in the OpenSSL library (CVE-2024-9143), a software library that most HTTPS websites rely on.
The OSS-Fuzz team has supported open-source maintainers in fixing over 11,000 vulnerabilities over the past eight years as part of the Google Open Source Security Team.
However, the 26 newly identified vulnerabilities are among the first to be detected by OSS-Fuzz with the help of generative AI.
Specifically, the Google researchers used a framework based on a large language model (LLM) trained in-house to generate more fuzz targets.
Fuzz testing, also known as fuzzing, is the most common method developers use to test software for vulnerabilities and bugs before it goes into production.
The method involves providing invalid, unexpected or random data as inputs to a computer program or software. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
Fuzz targets are the specific areas of a program or system that are being tested or "fuzzed" by a fuzzer.
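To make the idea of a fuzz target concrete, here is an added example (not code from Google or OSS-Fuzz). `LLVMFuzzerTestOneInput` is the entry point libFuzzer calls with each generated input; `parse_records` and `run_random_inputs` are hypothetical names, the latter standing in for a real fuzzer so the file runs on its own.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical code under test: parses [1-byte length][payload] records.
 * Returns the number of complete records, or -1 if a record is truncated. */
int parse_records(const uint8_t *buf, size_t len) {
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        size_t rec_len = buf[pos++];
        if (rec_len > len - pos)   /* payload must fit in the bytes that remain */
            return -1;
        pos += rec_len;
        count++;
    }
    return count;
}

/* Fuzz target: must accept arbitrary bytes, exercise the code under test,
 * and return 0. Memory errors and failed assertions surface as crashes. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    int n = parse_records(data, size);
    /* Built-in invariant: every record consumes at least one byte. */
    assert(n >= -1 && (n < 0 || (size_t)n <= size));
    return 0;
}

/* Minimal stand-in for a fuzzer: feeds pseudo-random inputs to the target.
 * A real fuzzer adds coverage feedback and sanitizers on top of this loop. */
int run_random_inputs(unsigned seed, int iterations) {
    uint8_t buf[64];
    srand(seed);
    for (int i = 0; i < iterations; i++) {
        size_t size = (size_t)(rand() % (int)(sizeof buf + 1));
        for (size_t j = 0; j < size; j++)
            buf[j] = (uint8_t)(rand() & 0xff);
        LLVMFuzzerTestOneInput(buf, size);  /* a crash here is a finding */
    }
    return iterations;
}

int main(void) {
    printf("executed %d inputs without a crash\n", run_random_inputs(1, 100000));
    return 0;
}
```

Removing the bounds check in `parse_records` is the kind of defect such a target is meant to expose once the fuzzer generates a length byte larger than the remaining input.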