
OneFuzz – A self-hosted Fuzzing-As-A-Service platform - boring_twenties
https://github.com/microsoft/onefuzz
======
qlyoung
I'm excited by this but also a bit sad. I spent most of this year building
this exact thing:

[https://github.com/qlyoung/lagopus](https://github.com/qlyoung/lagopus)

It was such an obvious thing to do - ClusterFuzz but self hostable - I
couldn't believe it hadn't been done yet.

Alas, Microsoft and their infinite resources...well, looking forward to trying
it.

~~~
yjftsjthsd-h
Just because someone else does it doesn't mean you shouldn't, no matter how
big they are. If anything, I'd expect MS to leave openings for alternatives
because they can only solve problems their way.

------
boring_twenties
> Our source code will drop in sync with our public presentation at CppCon
> 2020 on September 18th, 2020.

------
rusk
Very light on details here ... I understand what fuzzing is. I also know that
I can fuzz my own code with standalone tools ... why do I need this “as a
service”? Is it some kind of AI or do they have a production line of engineers
doing nothing but fuzzing all day?

EDIT and why fuzzing specifically? I have a whole laundry list of boring stuff
I’d love done as a service...

~~~
bthrn
Have you ever fuzzed at scale before and solved the problems that that
entails? Fuzzing on a single dev box is trivial compared to running on, say,
20k cores.

Providing this type of scalability as a service, and part of your existing
CICD pipeline is pretty useful.

~~~
rusk
it's interesting alright. I can see this as a special case of some more
general concerns ... I guess what we're seeing is an exploration of
applications for massively parallel computing, and I guess fuzzing naturally
lends itself to that, as well as been a fairly hot topic at the moment. Maybe
even it being neatly parralelisable (w?) is why it's only become popular as we
now commonly have this kind of power on our desktops.

------
AQXt
For one moment I thought it was "FizBuzz As A Service"...

