Jonathan Metzman

Fuzzing on Google's Open Source Security Team. I work on ClusterFuzzLite/FuzzBench/OSS-Fuzz/ClusterFuzz. Speaking on behalf of myself, not my employer.
Twitter: https://twitter.com/metzmanj
GitHub: https://github.com/jonathanmetzman
We published more details about our LLM-based fuzz target generator, which found CVE-2024-9143 in OpenSSL
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Leveling Up Fuzzing: Finding more vulnerabilities with AI

Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities...

Google Online Security Blog
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz:
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
#fuzzing
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team. Since 2016, OSS-Fuzz has been at the forefront of automated v...

Google Online Security Blog
Trying to fuzz ClusterFuzzLite using ClusterFuzzLite 😏​
https://github.com/google/oss-fuzz/pull/8985
Fuzz OSS-Fuzz with Atheris and ClusterFuzzLite by jonathanmetzman · Pull Request #8985 · google/oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.

GitHub