Google ClusterFuzzlite to Help Experts Find Vulnerabilities Earlier | Features, Supported Services, and More

Google unveiled ClusterFuzzLite, the fuzzing solution to solve the problems in the software supply chain. It was derived from the current ClusterFuzz tool, which was launched as open-source code several years ago.

In a blog post on Thursday, Nov.11, the company's software engineers Oliver Chang and Jonathan Metzman wrote about the capability of the security tool. According to them, it could now detect vulnerabilities earlier than before.

What is ClusterFuzzLite?

Google ClusterFuzzlite to Help Experts Find Vulnerabilities Earlier | Features, Supported Services, and More
Google has released its ClusterFuzzLite tool which is based on the previous ClusterFuzz open-source program. Read to find out more about this newest security tool. Kai Wenzel from Unsplash

Before diving into the definition of the new tool, it's important to first know the meaning of fuzzing.

According to a report by VentureBeat on Thursday, Nov.11, this method is a technique used when detecting bugs through placing random or invalid data in the programs. With that, it could identify certain security flaws on the system which have bypassed the manual checking.

Moving on, ClusterFuzzlite is part of the OSS-Fuzz program which borrows its infrastructure from the ClusterFuzz. The search engine titan mentioned that it could be merged to increase the chance of finding vulnerabilities at a quicker rate.

Furthermore, this is also usable to the workflows for easy management of the software supply chain. This would help the experts to assess the changes before implementing them in the program.

ClusterFuzzLite Features and Supported CI Systems

Google's ClusterFuzzLite presents a lot of features that set it apart from its based ClusterFuzz tool. These include sanitizer support, consistent fuzzing, and coverage report creation, according to another report by ZDNet on Friday, Nov.12.

According to the team behind this security tool, the latest creation requires little effort to set up. This would pave the way for developers to have an easy grasp of the open-source code for their programs.

"With ClusterFuzzLite, fuzzing is no longer just an idealized "bonus" round of testing for those who have access to it, but a critical must-have step that everyone can use continuously on every software project.

Google also aims to build a "more secure software ecosystem" that will be free from bugs and other forms of vulnerabilities.

Currently, it officially supports some CI systems such as the early-beta project Prow, Google Cloud Build, and GitHub Actions.

In the meantime, you can view the whole information about ClusterFuzzLite by clicking here.

Google's Two-Factor Authentication Process

Earlier in October, Tech Times reported that the company will launch the two-step verification process for 150 million users who are expected to enroll at the end of the year.

The action was approved by Google following complaints from users who experience security threats. To add, this initiative will upgrade the firm's privacy protection to a new level.

At the time of the report, the tech giant also said that it would bring the security feature to YouTube where they will require two million creators to use 2FA.

Google has been struggling to contain security flaws over the past months. The recent software that it released would strengthen its campaign to bar malicious threats from spreading on its platforms.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics