OneFuzz
{{Short description|Open-source fuzz testing platform}}
{{Infobox software
| name = OneFuzz
| logo = OneFuzz logo.svg
| author =
| other_names = Project OneFuzz
| developer = Microsoft
| released = {{Start date and age|2020|09|18}}
| discontinued = true
| latest_release_version = 8.9.0
| latest_release_date = {{Start date and age|2023|10|09}}
| repo = {{URL|https://github.com/microsoft/onefuzz}}
| programming language = Rust, Python
| operating system = Windows, Linux
| platform = Cross-platform
| genre = Fuzzer
| license = MIT License
| website = {{URL|https://www.microsoft.com/en-us/research/project/project-onefuzz/}}
}}
OneFuzz is a cross-platform free and open source fuzz testing framework by Microsoft.{{Cite web|url=https://www.zdnet.com/article/microsoft-windows-10-is-hardened-with-these-fuzzing-security-tools-now-theyre-open-source/|title=Microsoft: Windows 10 is hardened with these fuzzing security tools – now they're open source|date=September 15, 2020|website=ZDNet}} The software enables continuous developer-driven fuzz testing to identify weaknesses in computer software prior to release.{{Cite web|url=https://www.infoworld.com/article/3575600/microsoft-open-sources-fuzzing-test-framework.html|title=Microsoft open-sources fuzzing test framework|date=September 17, 2020|website=InfoWorld}}
Overview
OneFuzz is a self-hosted fuzzing-as-a-service platform that automates the detection of software bugs that could be security issues. It supports Windows and Linux.
Notable features include composable fuzzing workflows, built-in ensemble fuzzing, programmatic triage and result de-duplication, crash reporting notification callbacks, and on-demand live-debugging of found crashes.{{Cite web|url=https://adtmag.com/articles/2020/09/22/onefuzz-released-to-open-source.aspx|title=Microsoft's Security Group Open Sources Fuzzing Framework for Azure|date=September 22, 2020|website=ADTmag.com}} The command-line interface client is written in Python 3, and targets Python 3.7 and up.{{Cite web|url=https://hackersonlineclub.com/onefuzz-microsoft-open-source-fuzzing-platform/|title=OneFuzz- Microsoft Open Source Fuzzing Platform|date=September 19, 2020|website=hackersonlineclub.com}}
Microsoft uses the OneFuzz testing framework to probe Edge, Windows and other products at the company.
It replaced the previous Microsoft Security Risk Detection software testing mechanism.
The source code was released on September 18, 2020. It is licensed under MIT License and hosted on GitHub.{{Cite web |date=November 1, 2023 |title=GitHub - microsoft/onefuzz: A self-hosted Fuzzing-As-A-Service platform |url=https://github.com/microsoft/onefuzz |via=GitHub}}
On August 31, 2023, it was announced that development would be coming to an end. On November 1, 2023, the GitHub project was archived.
See also
{{Portal|Free and open-source software}}
References
{{Reflist}}
External links
- {{Official website|https://www.microsoft.com/en-us/research/project/project-onefuzz/}}
- {{GitHub|https://github.com/microsoft/onefuzz}}
- [https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/ Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale]
{{Microsoft FOSS}}
{{Microsoft development tools}}
{{Microsoft Research}}
Category:Free and open-source software
Category:Free software programmed in Rust
Category:Free software testing tools
Category:Security testing tools
Category:Microsoft free software
Category:Software using the MIT license
{{Microsoft-software-stub}}