

Berlin, May 23, 2017 - For the last five months, The Document Foundation
has made use of OSS-Fuzz, Google’s effort to make open source software
more secure and stable, to further improve the quality and reliability
of LibreOffice's source code. Developers have used the continuous and
automated fuzzing process, which often catches issues just hours after
they appear in the upstream code repository, to solve bugs - and
potential security issues - before the next binary release.

LibreOffice is the first free office suite in the marketplace to
leverage Google’s OSS-Fuzz. The service, which is associated with other
source code scanning tools such as Coverity, has been integrated into
LibreOffice's security processes - under Red Hat’s leadership - to
significantly improve the quality of the source code.

According to Coverity Scan’s last report, LibreOffice has an industry
leading defect density of 0.01 per 1,000 lines of code (based on
6,357,292 lines of code analyzed on May 15, 2017). “We have been using
OSS-Fuzz, like we use Coverity, to catch bugs - some of which may turn
into security issues - before the release. So far, we have been able to
solve all of the 33 bugs identified by OSS-Fuzz well in advance over the
date of disclosure”, says Red Hat’s Caolán McNamara, a senior developer
and the leader of the security team at LibreOffice.

Additional information about Google OSS-Fuzz is available on the
project’s homepage on GitHub - https://github.com/google/oss-fuzz - and
on Google Open Source Blog: (1)
https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
(announcement), and (2)
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
(results after five months).

Blog post: http://blog.documentfoundation.org/blog/2017/05/23/oss-fuzz/

-- 
Italo Vignoli - Marketing & PR
email italo.vignoli@documentfoundation.org
mobile/signal +39.348.5653829 - skype italovignoli
hangout/jabber italo.vignoli@gmail.com
The Document Foundation, Kurfürstendamm 188, 10707 Berlin, DE
Gemeinnützige rechtsfähige Stiftung des bürgerlichen Rechts
Legal details: http://www.documentfoundation.org/imprint
GPG Key ID - 0xAAB8D5C0
DB75 1534 3FD0 EA5F 56B5 FDA6 DE82 934C AAB8 D5C0
