1--- 2layout: default 3title: OSS-Fuzz 4permalink: / 5nav_order: 1 6has_children: true 7has_toc: false 8--- 9 10# OSS-Fuzz 11 12[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known 13technique for uncovering programming errors in software. 14Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), 15can have serious security implications. Google has found [thousands] of security vulnerabilities and 16stability bugs by deploying 17[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html), 18and we now want to share that service with the open source community. 19 20[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1 21 22In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), 23OSS-Fuzz aims to make common open source software more secure and stable by 24combining modern fuzzing techniques with scalable, 25distributed execution. 26 27We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) fuzzing engines 28in combination with [Sanitizers](https://github.com/google/sanitizers), as well as 29[ClusterFuzz](https://github.com/google/clusterfuzz), 30a distributed fuzzer execution environment and reporting tool. 31 32Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too. 33OSS-Fuzz supports fuzzing x86_64 and i386 builds. 34 35## Learn more about fuzzing 36 37This documentation describes how to use OSS-Fuzz service for your open source project. 38To learn more about fuzzing in general, we recommend reading [libFuzzer tutorial] 39and the other docs in [google/fuzzing] repository. These and some other resources 40are listed on the [useful links]({{ site.baseurl }}/reference/useful-links/#tutorials) page. 41 42[google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs 43[libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md 44 45## Trophies 46As of January 2020, OSS-Fuzz has found over [16,000] bugs in [250] open source projects. 47 48[16,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 49[250]: https://github.com/google/oss-fuzz/tree/master/projects 50