Google Fuzzing Service Uncovers 1K Bugs in Open-Source Projects

Today’s topics include Google’s fuzzing service uncovering more than 1,000 bugs in open-source projects in five months, VMware helping Google make Chromebooks  better for business; Edward Snowden advocating the need for open source and OpenStack; and Dell EMC aiming servers at data center modernization efforts.

A Google-led initiative to find security vulnerabilities in popular open-source projects has unearthed more than 1,000 bugs in various open-source software applications in the five months since the effort was launched.

About 265 of those bugs are potential security vulnerabilities, the company announced in an update on its OSS-Fuzz project May 8. Open-source projects in which Google has found security vulnerabilities include FreeType with 10 flaws, LibreOffice with 33 vulnerabilities, FFmpeg with 17 and Wireshark with seven security bugs.

A breakdown of the types of bugs that Google has found so far via OSS-Fuzz shows that most open-source errors are buffer overflows, stack overflows and timeout errors.

VMware and Google revealed May 9 that they are expanding a relatively quiet partnership with the goal of accelerating the adoption of Chromebook laptops. VMware Workspace ONE, introduced at Dell EMC World in Las Vegas at the Sands Conference Center, is designed to enable one-click secure authentication and management of applications for organizations deploying Chromebooks.

The device unifies endpoint management for IT and provides a unified access experience for end users, ostensibly helping organizations evolve away from siloed management point products.

Using public cloud and proprietary software represents a "silent vulnerability" to millions of users around the world—this according to National Security Agency whistleblower Edward Snowden. Snowden appeared remotely via a video link at the OpenStack Summit in Boston May 9 in a question-and-answer keynote with OpenStack Foundation Chief Operating Officer Mark Collier.

Snowden said the average user is unaware of how the internet works. "For most people, the internet is magic," he said.

According to Snowden, it's not good enough to let people mindlessly build internet and cloud services, which is where OpenStack plays an important role. "What OpenStack does is it lets you close the silent vulnerability of things that you don't control or shape," he added.

Dell EMC is arming its upcoming generation of PowerEdge servers with a broad range of new and upgraded capabilities designed to help enterprises navigate their way through a rapidly evolving data center environment—one that is being roiled by the rise of such technologies as the cloud, data analytics, virtualization, software-defined infrastructure, virtual reality, machine learning and the internet of things.

At the company’s Dell EMC World 2017 show in Las Vegas earlier  this week—the first show since Dell’s $60 billion-plus acquisition of EMC last fall—executives gave the more than 13,000 attendees a preview of the 14th generation systems due out this summer to coincide with Intel’s expected release of its latest Xeon server processors.