Microsoft releases Project OneFuzz framework, an open source tool to find and fix bugs

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Microsoft Project OneFuzz

Microsoft Project OneFuzz

Microsoft yesterday announced the release of a new tool called Project OneFuzz. Project OneFuzz is an extensible fuzz testing framework for Azure that is used by Microsoft Edge, Windows, and teams across Microsoft. Microsoft is now open sourcing the tool and it is now available to developers around the world under an MIT license.

Fuzz testing is a gold standard for finding and removing costly, exploitable security flaws. Availability of Project OneFuzz will help more developers in improving the security of their code.

Project OneFuzz enables:

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result deduplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux OSes: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Currently supporting Azure DevOps Work Items and Microsoft Teams messages

Source: Microsoft

User forum

0 messages