Just a few weeks ago, we published Jazzer, our coverage-guided fuzzing engine for the Java Virtual Machine. Today, we're proud to announce that we integrated our Java fuzzer into Google's OSS-Fuzz. Now, open-source projects can use Google’s infrastructure and computing power to secure their Java libraries.
With Jazzer, developers can increase their test coverage to find edge cases leading to software bugs and security issues more effectively. No changes to the source code or build system are required. Many of our proven fuzzing techniques, such as mutation strategies, error detection, and feedback from the program during run-time, are compatible with libFuzzer.
We are teaming up with Google to support more languages for OSS-Fuzz. Since 2016, Google has been offering large-scale testing for open-source projects. With our extension, developers can now use this infrastructure to test Java libraries. Kotlin, Scala, and other JVM languages are supported as well. See how to use it in Google's security blog.
For more details, recap our talk with Abhishek (Google) and Sergej (Code Intelligence) on FuzzCon Europe on March 24th. We were joined by leading experts from Google (OSS-Fuzz), Microsoft Research (RESTler) and StackHawk (OWASP ZAP).