In the five months since Google launched its OSS-Fuzz program, the initiative has uncovered more than 1,000 bugs, 264 of which could potentially be security flaws, the company said Tuesday.
Google found 33 vulnerabilities in LibreOffice, 10 in FreeType2, 17 in FFmpeg, 25 in PCRE2 and another 10 in GnuTLS, as well as seven in Wireshark and nine in gRPC.
“We've also had at least one bug collision with another independent security researcher,” according to a Google security blog, which said that the company's robot army processed 10 trillion test inputs daily.
Google also announced that, going forward, its Patch Rewards program would “include rewards for the integration of fuzz targets into OSS-Fuzz.”