Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes.
Fuzzing involves stress testing a system by generating random code to induce errors, which in turn may help identify potential security flaws. Fuzzing is helping software developers catch bugs before shipping software to users.
As Torvalds points out, Linux kernel developers have been using fuzzing programs since the beginning, such as tools like “crashme”, which was released in 1991 and nearly 20 years later was used by Google security researcher Tavis Ormandy to test how well shielded a host is when untrusted data is being processed in a virtual machine.
Read more at ZDNet