Google has open-sourced its Python fuzzing engine Atheris for developers to find security bugs and patch vulnerabilities before they are exploited.
The fuzzing technique follows a coverage-guided approach that generates random inputs for a system to analyze how it behaves and look for abnormalities and crashes. It allows developers to find the location of possible bugs in an app’s code.
Read More: Maintaining Customers’ Trust over IP
Over the years, Google’s security researchers have been some of the biggest promoters of using fuzzing tools to discover mundane bugs and dangerous vulnerabilities. Since 2013, Google security researchers have created and open-sourced multiple fuzzing tools, including the likes of Syzkaller, OSS-Fuzz, Fuzzilli, ClusterFuzz, and BrokenType.
The tech giant has open-sourced the Atheris code on GitHub, and the fuzzer is also available on the Python package repository – PyPI.