Today, Microsoft announced a new open source tool, Project OneFuzz., in addition to C an upgrade to version 1.0 for the Visual Studio Code The tool, a retired Security Risk Detection Service successor, is an open source self-hosted developer fuzzy testing platform for Azure.
The essence of fuzzy testing is to eliminate the exploitable security vulnerabilities through strict testing process, including flooding relevant programs with a large number of random data. While quite useful, it is often complex to implement. Project onefuzzy tries to make fuzzy testing easier and more sustainable by taking advantage of the open source llvm compiler.
As a result of these advances, the mechanisms that previously had to be attached to the continuous build system can now be embedded directly into the system. For example, collision detection can be built into the Asan tool, while coverage tracking can be built in using the sanitizer coverage (sancov) tool. Looking forward to the future, these changes enable the development of unit test binaries to build various fuzzy techniques into an executable file.