
Launch HN: Fuzzbuzz (YC W19) – Fuzzing as a Service
147 by evmunro | 76 comments on Hacker News.
Hey HN, we’re Everest, Andrei and Sabera, the founders behind Fuzzbuzz ( https://fuzzbuzz.io ) - a fuzzing-as-a-service platform that makes fuzzing your code as easy as writing a unit test and pushing to GitHub.

Fuzzing is a type of software testing that generates & runs millions of tests per day on your code, and is great at finding edge cases & vulnerabilities that developers miss. It’s been used to find tens of thousands of critical bugs in open-source software ( https://ift.tt/2fW71Bd ), and is a great way to generate tests that cover a lot of code, without requiring your developers to think of every possibility. It achieves such great results by applying genetic algorithms to generate new tests from some initial examples, and using code coverage to track and report interesting test cases. Combining these two techniques with a bit of randomness, and running tests thousands of times every second, has proven to be an incredibly effective automated bug-finding technique.

I was first introduced to fuzzing a couple of years ago while working on the Clusterfuzz team at Google, where I built Clusterfuzz Tools v1 ( https://ift.tt/2jAJEvW ). I later built Maxfuzz ( https://ift.tt/2IG5rDY ), a set of tools that makes it easier to fuzz code in Docker containers, while on the Coinbase security team.

As we learned more about fuzzing, we found ourselves wondering why very few teams outside of massive companies like Microsoft and Google were actively fuzzing their code - especially given the results (teams at Google that use fuzzing report that it finds 80% of their bugs, with the other 20% uncovered by normal tests, or in production). It turns out that many teams don’t want to invest the time and money needed to set up automated fuzzing infrastructure, and using fuzzing tools in an ad-hoc way on your own computer isn’t nearly as effective as continuously fuzzing your code on multiple dedicated CPUs. That’s where Fuzzbuzz comes in!
We’ve built a platform that integrates with your existing GitHub workflow, and provides an open API for integrations with CI tools like Jenkins and TravisCI, so the latest version of your code is always being fuzzed. We manage the infrastructure, so you can fuzz your code on any number of CPUs with a single click. When bugs are found, we’ll notify you through Slack and create Jira tickets or GitHub Issues for you. We also solve many of the issues that crop up when fuzzing, such as bug deduplication and elimination of false positives. Fuzzbuzz currently supports C, C++, Go and Python, with more languages like Java and JavaScript on the way. Anyone can sign up for Fuzzbuzz and fuzz their code on 1 dedicated CPU, for free.

We’ve noticed that the HN community has been increasingly interested in fuzzing, and we’re really looking forward to hearing your feedback! The entire purpose of Fuzzbuzz is to make fuzzing as easy as possible, so all criticism is welcome.
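Added here as an illustration of the two mechanisms the post describes (mutating seed inputs and using coverage feedback to decide which inputs are worth keeping, plus deduplicating crashes so one bug does not become thousands of reports): a toy coverage-guided fuzzer in Python. This is example code written for this page, not Fuzzbuzz, ClusterFuzz or Maxfuzz code. The target `parse_record`, its two planted bugs, the seed input `b"RB\x00"` and the use of `sys.settrace` to approximate branch coverage with line-to-line edges are all constructed for the demo.

```python
"""Toy coverage-guided mutation fuzzer (constructed example, not Fuzzbuzz code)."""
import random
import sys
import traceback

MAGIC = b"RB"


def parse_record(data: bytes) -> int:
    """Constructed target: parse MAGIC | length | payload.

    ValueError is the parser's intended rejection path (not a bug); any other
    exception is a crash the fuzzer should report. Two bugs are planted: the
    length byte is trusted, and a branch two bytes deep divides by zero.
    """
    if len(data) < 3:
        raise ValueError("too short")
    if data[:2] != MAGIC:
        raise ValueError("bad magic")
    length = data[2]
    payload = data[3:3 + length]
    if length and payload[0] == 0x41:          # bug 1: IndexError when payload is empty
        if len(payload) > 1 and payload[1] == 0x42:
            return 1 // (payload[2] - 0x43)    # bug 2: IndexError or ZeroDivisionError
    return len(payload)


def run_with_coverage(data: bytes):
    """Run the target once. Returns (edges, exc): edges are (prev_line, line)
    pairs executed inside parse_record, a stand-in for AFL-style branch coverage;
    exc is the crash exception, or None on success or graceful ValueError."""
    target_code = parse_record.__code__
    edges, prev = set(), [0]

    def tracer(frame, event, arg):
        if frame.f_code is target_code and event == "line":
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return tracer

    exc = None
    sys.settrace(tracer)
    try:
        parse_record(data)
    except ValueError:
        pass                                    # expected rejection, not a bug
    except Exception as e:                      # anything else counts as a crash
        exc = e
    finally:
        sys.settrace(None)
    return edges, exc


def crash_key(exc: BaseException) -> str:
    """Deduplicate crashes by exception type plus the target line that raised it."""
    frames = [f for f in traceback.extract_tb(exc.__traceback__) if f.name == "parse_record"]
    line = frames[-1].lineno if frames else 0
    return f"{type(exc).__name__}@line{line}"


def mutate(parent: bytes, corpus: list, rng: random.Random) -> bytes:
    """The 'genetic' step: small random edits plus crossover with another corpus member."""
    buf = bytearray(parent)
    op = rng.randrange(5)
    if op == 0 and buf:                         # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:                       # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:                               # insert a byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and len(buf) > 1:              # delete a byte
        del buf[rng.randrange(len(buf))]
    else:                                       # crossover: splice in another member's tail
        other = rng.choice(corpus)
        cut = rng.randrange(len(buf) + 1)
        buf = buf[:cut] + bytearray(other[cut:])
    return bytes(buf)


def fuzz(seeds, iterations: int, seed: int = 0) -> dict:
    """Coverage-guided loop: inputs that reach a new edge join the corpus; crashes
    are recorded once per crash_key with the first input that triggered them."""
    rng = random.Random(seed)                   # fixed seed keeps the demo reproducible
    corpus = list(seeds)
    seen_edges = set()
    for s in corpus:
        seen_edges |= run_with_coverage(s)[0]
    crashes, crash_hits = {}, 0
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), corpus, rng)
        edges, exc = run_with_coverage(candidate)
        if exc is not None:
            crash_hits += 1
            crashes.setdefault(crash_key(exc), candidate)
        if edges - seen_edges:                  # new coverage => interesting, keep it
            seen_edges |= edges
            corpus.append(candidate)
    return {"corpus": corpus, "edges": len(seen_edges),
            "crashes": crashes, "crash_hits": crash_hits}


if __name__ == "__main__":
    result = fuzz([b"RB\x00"], iterations=20000, seed=1)
    print(f"corpus={len(result['corpus'])} edges={result['edges']} "
          f"crash_hits={result['crash_hits']} unique={len(result['crashes'])}")
    for key, inp in result["crashes"].items():
        print(f"  {key}: {inp!r}")
```

Two design points worth noting. First, the harness, not the target, decides what a "crash" is: here `ValueError` is the parser's documented rejection path and is swallowed, so it never shows up as a false positive, while every other exception is reported. Second, keying duplicates on exception type plus the raising line is deliberately coarse; it collapses the many inputs that trip bug 1 into one report, but it also means two genuinely different root causes that surface on the same line would be merged, which is the usual trade-off in crash bucketing. Real engines get their coverage from compile-time instrumentation rather than a Python trace hook, and run the loop on dedicated cores for days rather than a few thousand iterations.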
