Jonathan Metzman

Fuzzing on Google's Open Source Security Team. I work on ClusterFuzzLite/FuzzBench/OSS-Fuzz/ClusterFuzz. Speaking on behalf of myself, not my employer.
twitter: https://twitter.com/metzmanj
github: https://github.com/jonathanmetzman
Software Engineering Intern, PhD, Summer 2025 — Google Careers

The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build something interesting that will have immediate impact on 1000+ open source projects. https://www.google.com/about/careers/applications/jobs/results/90765822003159750-software-engineering-intern-phd-summer-2025

We published more details about our LLM-based fuzz target generator, which found CVE-2024-9143 in OpenSSL
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Leveling Up Fuzzing: Finding more vulnerabilities with AI

Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team Recently, OSS-Fuzz reported 26 new vulnerabilities...

Google Online Security Blog

Some teammates and I wrote a blog post on some ideas for AIxCC as we've been helping out a little.

I'm sure everyone will be surprised that it involves fuzzing!
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html

Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge

Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering The US Defense Advanced Research Projects Agency, DARPA, rec...

Google Online Security Blog
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz:
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
#fuzzing
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team Since 2016, OSS-Fuzz has been at the forefront of automated v...

Google Online Security Blog
@lucasgonze Happy to. Sent you an email!
We published a blog post on some updates we have for OSS-Fuzz rewards: https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Taking the next step: OSS-Fuzz in 2023

Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016, Google's free OSS-Fuzz code testing service has helped get over 8800 vul...

Google Online Security Blog
Deadline to express interest in our fuzzing competition is today. https://sbft23.github.io/tools/fuzzing Just apply if you're in doubt!
SBFT'23 Fuzzing Competition Instructions

Calling all fuzzing engine developers: Join the SBFT competition for a chance at at least 11K. Deadline for expressing interest is Friday https://sbft23.github.io/tools/fuzzing

A while back, @metzman was kind enough to do some fuzzing of the skia graphics library with FTZ enabled. Sadly, it didn't find anything super exciting (just some null derefs, timeouts, and floating point div0s), but you can now see some of them here:
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=label:Proj-skia-ftz
Monorail - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail