Oliver Chang (@halbecaf)'s Twitter Profile
Oliver Chang

@halbecaf

halbecaf.bsky.social

Senior Staff Eng @ Google Open Source Security. Founder of OSV.dev, lead/co-founder for OSS-Fuzz.

ID: 740795131234770944

09-06-2016 06:38:17

194 Tweet

1,1K Followers

143 Following

Abhishek Arya (@infernosec)

The DARPA #AIxCC will help design new #AI systems to secure major open source projects that our critical infrastructure relies upon. Learn how Google's OSS-Fuzz can show opportunities where AI can help find and patch vulnerabilities for the challenge: security.googleblog.com/2024/06/hackin…

Jordi Mon Companys (@jordimonpmm)

Yesterday we announced that our security advisory feed was now being published following the OSV schema. This was a herculean job by Dan Luhring and Carlos.

Oliver Chang (@halbecaf)

Second OSS-Fuzz blog post on fuzz harness generation for Java! blog.oss-fuzz.com/posts/introduc… We've been quiet for a while but have a few interesting posts coming in the pipeline about our research.

Oliver Chang (@halbecaf)

One week later the bug count is now at 25 bugs total (github.com/google/oss-fuz…). There are still many improvements to be made to improve the success rate of generated targets, but we now have the problem of too many crashes to triage. Automating this will be a focus of our future research.

Ubuntu (@ubuntu)

Today, we proudly unveil Ubuntu 24.10, codenamed "Oracular Oriole" 🔮 Packed with GNOME 47, the Linux 6.11 kernel, permissions prompting, an enhanced command line, OpenVEX and OSV support, and a special #Ubuntu20Years anniversary gift - there’s plenty for you to explore 🚀

Oliver Chang (@halbecaf)

OSV support announced in the latest Ubuntu 24.10 release! This year has seen OSV adoption from many Linux distributions, and the OSV.dev database is starting to become a really comprehensive source of accurate vuln info across major open source ecosystems!

Oliver Chang (@halbecaf)

CVE-2024-9143 (openssl-library.org/news/secadv/20…) was disclosed recently, which was found by OSS-Fuzz-Gen! This is a pretty proud example of our team showing the promise of leveraging LLMs to enable more fuzzing coverage.

Oliver Chang (@halbecaf)

Red Hat joins OSV! openssf.org/blog/2024/11/0… Combined with Ubuntu, Chainguard, and SUSE adopting OSV this year, OSV.dev has really started to become a comprehensive vulnerability source for not only language packages, but also Linux distros!

Royal Hansen (@royalhansen)

The OSS-Fuzz team at Google is using AI-powered fuzzing to find vulns in open-source software and recently reported 26 new vulns to open-source project maintainers, including one in the OpenSSL library which is critical to most internet infrastructure. security.googleblog.com/2024/11/leveli…

Oliver Chang (@halbecaf)

New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. security.googleblog.com/2024/11/leveli…

Heather Adkins - Ꜻ - Spes consilium non est (@argvee)

On the heels of Google’s ‘Big Sleep’ AI discovery of a real-world vulnerability, our OSS-Fuzz team identified and reported 26 vulnerabilities to open-source project maintainers by using AI-generated and enhanced fuzz targets. Read more here: security.googleblog.com/2024/11/leveli…

Oliver Chang (@halbecaf)

Happy new year! OSV had a lot of great progress in 2024, from new ecosystem adoption, API improvements, and scanner feature development! We just published a blog about these and our 2025 plans here: osv.dev/blog/posts/202… !

Jonathan Metzman (@metzmanj)

The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build the future of fuzzing. Link in next tweet in thread. RTs appreciated!

Sebastian Lekies (@slekies)

Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…

Bob Callaway (@rdcallaw)

cloud.google.com/blog/products/… Awesome blog on how we’re using SLSA to make GKE more secure for our customers!

Oliver Chang (@halbecaf)

OSV-Scanner has just released the first beta for V2, a major update that includes significant new features, including layer-aware container scanning, remediation for pom.xml, new HTML output and more. osv.dev/blog/posts/osv… Please try it out and give us feedback!

DonggeLiu (@dongge_liu)

🚀 Inviting GSoC2025 contributors to supercharge OSS-Fuzz-Gen! Opportunities include: 1. Modularize OSS-Fuzz features 2. Enhance Experiment Execution & Report UI 3. Integrate Research Innovations Interested? Send your resume to [email protected] 😃 gist.github.com/dynamicwebpaig…