Google unleashes security fuzzer in open-source software

The remotely exploitable flaw in Log4j, the widely deployed Java error logging library, is being attacked by multiple actors and will likely remain so for many more months.

Google is adding OSS-Fuzz to the pool of answers to the internet-wide Log4j flaw, also known as Log4Shell. The flaw is tracked as CVE-2021-44228 and was partially fixed in the Apache Foundation’s release of Log4j version 2.15.0 last week.

OSS-Fuzz is Google’s free service for fuzzing open-source software projects and is currently used by over 500 critical projects. Fuzzing involves throwing random code at software to produce an error, like a crash, and uncover potential security flaws.

Read More: zdnet
