Saturday, November 23, 2024

Google’s AI-powered bug hunting tool finds a host of concerning open source security flaws

Must read


  • Google’s OSS-Fuzz finds more than two dozen vulnerabilities in different open-source projects
  • Among them is a vulnerability in OpenSSL that could result in RCE
  • Google sees this as a major milestone in automated bug discovery

Google has found 26 vulnerabilities in different open source code repositories, including a medium-severity flaw in “the critical OpenSSL library that underpins much of internet infrastructure.”

This wouldn’t be much of a news (Google helped find thousands of bugs throughout the years), if the method by which the flaws were discovered wasn’t “artificial”, as the bugs were revealed using its AI-powered fuzzing tool, OSS-Fuzz.

Latest article