OneFuzz – A self-hosted Fuzzing-As-A-Service platform (github.com)
44 points by boring_twenties 4 days ago

I'm excited by this but also a bit sad. I spent most of this year building this exact thing:


It was such an obvious thing to do - ClusterFuzz but self hostable - I couldn't believe it hadn't been done yet.

Alas, Microsoft and their infinite resources...well, looking forward to trying it.

Just because someone else does it doesn't mean you shouldn't, no matter how big they are. If anything, I'd expect MS to leave openings for alternatives because they can only solve problems their way.

Let's see how they implemented it first... Not everything MS is user-friendly and completely cloud agnostic.

> Our source code will drop in sync with our public presentation at CppCon 2020 on September 18th, 2020.

Very light on details here ... I understand what fuzzing is. I also know that I can fuzz my own code with standalone tools ... why do I need this “as a service”? Is it some kind of AI or do they have a production line of engineers doing nothing but fuzzing all day?

EDIT and why fuzzing specifically? I have a whole laundry list of boring stuff I’d love done as a service...

Have you ever fuzzed at scale before and solved the problems that that entails? Fuzzing on a single dev box is trivial compared to running on, say, 20k cores.

Providing this type of scalability as a service, and part of your existing CICD pipeline is pretty useful.

it's interesting alright. I can see this as a special case of some more general concerns ... I guess what we're seeing is an exploration of applications for massively parallel computing, and I guess fuzzing naturally lends itself to that, as well as been a fairly hot topic at the moment. Maybe even it being neatly parralelisable (w?) is why it's only become popular as we now commonly have this kind of power on our desktops.

That laundry list would make for an excellent blog post. I'd love it if you share that list in one form or another, including as a comment on HN.

Not really, I'm not much of a blogger. I also didn't really want to get into my life-story in a HN comment considering it's so similar to everybody elses.

Just was interested in understanding why fuzzing, specifically over anything else, and, what exactly is meant by fuzzing in this context.

I don't suppose you have any information like that, rather than pointing out the gaps in my own commentary?

There might have been some misunderstanding here because I don't think I implied in any shape or form that you have to share your life story?

Additionally, I never said you have gaps in your commentary -- I said that I am very interested in your laundry list of services that you'd like to see (since I am an aspiring future entrepreneur and such ideas for things people miss are very valuable to me).

And my question was only this: are you willing to share that wish list? You'd find an enthusiastic audience in me.

For one moment I thought it was "FizBuzz As A Service"...

