LibreOffice leverages Google’s OSS-Fuzz to improve quality of office suite

Posted by Italo Vignoli-5 Italo Vignoli-5
      Options
Berlin, May 23, 2017 - For the last five months, The Document Foundation
has made use of OSS-Fuzz, Google’s effort to make open source software
more secure and stable, to further improve the quality and reliability
of LibreOffice's source code. Developers have used the continuous and
automated fuzzing process, which often catches issues just hours after
they appear in the upstream code repository, to solve bugs - and
potential security issues - before the next binary release.LibreOffice
is the first free office suite in the marketplace to leverage Google’s
OSS-Fuzz. The service, which is associated with other source code
scanning tools such as Coverity, has been integrated into LibreOffice's
security processes - under Red Hat’s leadership - to significantly
improve the quality of the source code.

LibreOffice is the first free office suite in the marketplace to
leverage Google’s OSS-Fuzz. The service, which is associated with other
source code scanning tools such as Coverity, has been integrated into
LibreOffice's security processes - under Red Hat’s leadership - to
significantly improve the quality of the source code.

According to Coverity Scan’s last report, LibreOffice has an industry
leading defect density of 0.01 per 1,000 lines of code (based on
6,357,292 lines of code analyzed on May 15, 2017). “We have been using
OSS-Fuzz, like we use Coverity, to catch bugs - some of which may turn
into security issues - before the release. So far, we have been able to
solve all of the 33 bugs identified by OSS-Fuzz well in advance over the
date of disclosure”, says Red Hat’s Caolán McNamara, a senior developer
and the leader of the security team at LibreOffice.

Additional information about Google OSS-Fuzz is available on the
project’s homepage on GitHub - https://github.com/google/oss-fuzz - and
on Google Open Source Blog: (1)
https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
(announcement), and (2)
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
(results after five months).

Blog post: http://blog.documentfoundation.org/blog/2017/05/23/oss-fuzz/

--
Italo Vignoli - Marketing & PR
email [hidden email]
mobile/signal +39.348.5653829 - skype italovignoli
hangout/jabber [hidden email]
The Document Foundation, Kurfürstendamm 188, 10707 Berlin, DE
Gemeinnützige rechtsfähige Stiftung des bürgerlichen Rechts
Legal details: http://www.documentfoundation.org/imprint
GPG Key ID - 0xAAB8D5C0
DB75 1534 3FD0 EA5F 56B5 FDA6 DE82 934C AAB8 D5C0

--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
List archive: http://listarchives.documentfoundation.org/www/announce/