OneFuzz explained

OneFuzz is a cross-platform free and open source fuzz testing framework by Microsoft.^[1] The software enables continuous developer-driven fuzz testing to identify weaknesses in computer software prior to release.^[2]

Overview

OneFuzz is a self-hosted fuzzing-as-a-service platform that automates the detection of software bugs that could be security issues. It supports Windows and Linux.

Notable features include composable fuzzing workflows, built-in ensemble fuzzing, programmatic triage and result de-duplication, crash reporting notification callbacks, and on-demand live-debugging of found crashes.^[3] The command-line interface client is written in Python 3, and targets Python 3.7 and up.^[4]

Microsoft uses the OneFuzz testing framework to probe Edge, Windows and other products at the company.It replaced the previous Microsoft Security Risk Detection software testing mechanism.

The source code was released on September 18, 2020. It is licensed under MIT License and hosted on GitHub.^[5]

On August 31, 2023, it was announced that development would be coming to an end. On November 1, 2023, the GitHub project was archived.

See also

• Test automation
• Random testing
• American fuzzy lop (fuzzer)
• DynamoRIO
• Pin (computer program)

External links

• • • Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

Notes and References

1. Web site: Microsoft: Windows 10 is hardened with these fuzzing security tools – now they're open source. September 15, 2020. ZDNet.
2. Web site: Microsoft open-sources fuzzing test framework. September 17, 2020. InfoWorld.
3. Web site: Microsoft's Security Group Open Sources Fuzzing Framework for Azure. September 22, 2020. ADTmag.com.
4. Web site: OneFuzz- Microsoft Open Source Fuzzing Platform. September 19, 2020. hackersonlineclub.com.
5. Web site: November 1, 2023 . GitHub - microsoft/onefuzz: A self-hosted Fuzzing-As-A-Service platform . GitHub.