This week, Google unveiled a plan to extend the OSS-Fuzz incentives programme, a scheme designed to compensate contributors for integrating their projects with the OSS-Fuzz platform.
Launched in 2016, OSS-Fuzz has the stated objective of enhancing the security of common software infrastructure by continuously fuzzing open source software to assist find vulnerabilities.
After launching the programme and announcing awards ranging from $1,000 to $20,000 for projects integrated into OSS-Fuzz, Google now claims to have paid out over $600,000 to over 65 distinct contributors as part of the programme. According to “the criticality of the project,” the internet search marketing behemoth has now raised the maximum incentive for new project integration to $30,000.
The tool, which was introduced a year ago and is already incorporated into OSS-Fuzz, analyses functions, static call graphs, and runtime coverage data to shed light on fuzzing coverage blockages. Google aims to strengthen OSS-Fuzz to uncover more vulnerabilities before they are exploited by raising compensation and expanding the OSS-Fuzz rewards programme.
“The Fuzz Introspector tool provides these insights by identifying complex code blocks that are blocked during fuzzing at runtime, as well as suggesting new fuzz targets that can be added,” Google says.