|Other names||Project OneFuzz|
|Initial release||September 18, 2020|
6.3.0 / January 25, 2023
|Written in||Rust, Python|
|Operating system||Windows, Linux|
OneFuzz is a cross-platform free and open source fuzz testing framework by Microsoft. The software enables continuous developer-driven fuzz testing to identify weaknesses in computer software prior to release.
OneFuzz is a self-hosted fuzzing-as-a-service platform that automates the detection of software bugs that could be security issues. It supports Windows and Linux.
Notable features include composable fuzzing workflows, built-in ensemble fuzzing, programmatic triage and result de-duplication, crash reporting notification callbacks, and on-demand live-debugging of found crashes. The command-line interface client is written in Python 3, and targets Python 3.7 and up.
Microsoft uses the OneFuzz testing framework to probe Edge, Windows and other products at the company. It replaced the previous Microsoft Security Risk Detection software testing mechanism.
The source code was released on September 18, 2020. It is licensed under MIT License and hosted on GitHub.
- ^ a b c d "Microsoft: Windows 10 is hardened with these fuzzing security tools – now they're open source". ZDNet. September 15, 2020.
- ^ a b c d "Microsoft open-sources fuzzing test framework". InfoWorld. September 17, 2020.
- ^ "Microsoft's Security Group Open Sources Fuzzing Framework for Azure". ADTmag.com. September 22, 2020.
- ^ "OneFuzz- Microsoft Open Source Fuzzing Platform". hackersonlineclub.com. September 19, 2020.
- ^ "GitHub - microsoft/onefuzz: A self-hosted Fuzzing-As-A-Service platform". December 5, 2020 – via GitHub.