Thursday, February 28, 2019

New top story on Hacker News: Launch HN: Fuzzbuzz (YC W19) – Fuzzing as a Service

Launch HN: Fuzzbuzz (YC W19) – Fuzzing as a Service
146 by evmunro | 76 comments on Hacker News.
Hey HN,

We’re Everest, Andrei and Sabera, the founders behind Fuzzbuzz (https://fuzzbuzz.io) - a fuzzing as a service platform that makes fuzzing your code as easy as writing a unit test, and pushing to GitHub.

Fuzzing is a type of software testing that generates & runs millions of tests per day on your code, and is great at finding edge cases & vulnerabilities that developers miss. It’s been used to find tens of thousands of critical bugs in open-source software (https://ift.tt/2fW71Bd), and is a great way to generate tests that cover a lot of code, without requiring your developers to think of every possibility.

It achieves such great results by applying genetic algorithms to generate new tests from some initial examples, and using code coverage to track and report interesting test cases. Combining these two techniques with a bit of randomness, and running tests thousands of times every second has proven to be an incredibly effective automated bug finding technique.

I was first introduced to fuzzing a couple years ago while working on the Clusterfuzz team at Google, where I built Clusterfuzz Tools v1 (https://ift.tt/2jAJEvW). I later built Maxfuzz (https://ift.tt/2IG5rDY), a set of tools that makes it easier to fuzz code in Docker containers, while on the Coinbase security team.

As we learned more about fuzzing, we found ourselves wondering why very few teams outside of massive companies like Microsoft and Google were actively fuzzing their code - especially given the results (teams at Google that use fuzzing report that it finds 80% of their bugs, with the other 20% uncovered by normal tests, or in production). It turns out that many teams don’t want to invest the time and money needed to set up automated fuzzing infrastructure, and using fuzzing tools in an ad-hoc way on your own computer isn’t nearly as effective as continuously fuzzing your code on multiple dedicated CPUs. That’s where Fuzzbuzz comes in!

We’ve built a platform that integrates with your existing GitHub workflow, and provide an open API for integrations with CI tools like Jenkins and TravisCI, so the latest version of your code is always being fuzzed. We manage the infrastructure, so you can fuzz your code on any number of CPUs with a single click. When bugs are found, we’ll notify you through Slack and create Jira tickets or GitHub Issues for you. We also solve many of the issues that crop up when fuzzing, such as bug deduplication, and elimination of false positives.

Fuzzbuzz currently supports C, C++, Go and Python, with more languages like Java and Javascript on the way. Anyone can sign up for Fuzzbuzz and fuzz their code on 1 dedicated CPU, for free.

We’ve noticed that the HN community has been increasingly interested in fuzzing, and we’re really looking forward to hearing your feedback! The entire purpose of Fuzzbuzz is to make fuzzing as easy as possible, so all criticism is welcome.

New top story on Hacker News: Ask HN: How to be productive with big existing code base

Ask HN: How to be productive with big existing code base
134 by maheshs | 103 comments on Hacker News.
I have just started working with one of the clients who has existing Node.js code which they built in the last 3 years. Is there any guiding principle which is beneficial while working with an existing code base?

Reactions to United Methodist Church's Vote Against Recognizing Gay Marriage Are Pouring In

The United States’ second-largest Protestant denomination, the United Methodist Church, voted Tuesday to strengthen its embrace of marriage between one man and one woman, laid out in the church’s so-called “Traditional Plan.” In an unexpected turn, the UMC’s delegates decided to reject the “One Church Plan,” which would have permitted individual church leaders and regional annual conference officials to decide whether to ordain and marry LGBTQ members.

from CBNNews.com https://ift.tt/2SyDw8N
via IFTTT

After public grilling, ex-Trump lawyer Cohen to testify on Russia in private

President Donald Trump's former personal lawyer Michael Cohen will talk behind closed doors on Thursday to a congressional panel investigating Russia's interference in the 2016 U.S. election, capping an explosive week of testimony in which he leveled new allegations of wrongdoing at his former boss.


from Reuters: Top News https://ift.tt/2Ucbtxs
via IFTTT

Trump denounces Cohen but says he told truth about 'no collusion'

U.S. President Donald Trump said his former personal lawyer, Michael Cohen, had lied "a lot" in testimony to a congressional hearing in Washington, but Cohen had told the truth when he said there had been no collusion with Russia.


from Reuters: Top News https://ift.tt/2Nx3tV6
via IFTTT

World powers call for calm as India and Pakistan trade fire in Kashmir

Indian and Pakistani troops traded fire briefly along the contested border in Kashmir on Thursday morning, a day after the two nuclear powers both downed enemy jets, with Pakistan capturing an Indian pilot.


from Reuters: Top News https://ift.tt/2EB81Xz
via IFTTT

Trump says hopefully India, Pakistan conflict coming to an end

U.S. President Donald Trump said on Thursday he hoped the conflict between India and Pakistan will be coming to an end, after the two nuclear powers clashed across a contested border in the disputed Kashmir region.


from Reuters: Top News https://ift.tt/2H7rAII
via IFTTT

Trump says talks with Kim failed over North Korean sanctions demands

U.S. President Donald Trump said on Thursday his summit with North Korean leader Kim Jong Un in Vietnam had failed to reach agreement due to North Korean demands to lift punishing U.S.-led sanctions.


from Reuters: Top News https://ift.tt/2tFLa77
via IFTTT

U.S. trade chief sees long-term China challenges, continued tariff threat

The United States will need to maintain the threat of tariffs on Chinese goods for years even if Washington and Beijing strike a deal to end a costly tariff war, President Donald Trump's chief trade negotiator told lawmakers on Wednesday.


from Reuters: Top News https://ift.tt/2BUttW6
via IFTTT

USTR to suspend China tariff hike 'until further notice'

The U.S. Trade Representative's office said on Wednesday it would move to formally suspend a scheduled tariff increase on Chinese goods "until further notice" following President Donald Trump's decision to delay his Friday deadline for a U.S.-China trade deal amid progress in their talks.


from Reuters: Top News https://ift.tt/2EgMHpe
via IFTTT

Asian stocks fall as trade hopes wane, U.S.-North Korea summit ends early

Asian stocks fell on Thursday as investors dialed back some of their recent optimism about a Sino-U.S. trade deal while news that the U.S.-North Korean summit in Hanoi was ending early rattled confidence late in the trading day.


from Reuters: Top News https://ift.tt/2XrWUb4
via IFTTT

Thousands scramble as Thai Airways cancels flights over Pakistan

Thousands of travelers were left scrambling on Thursday when Thai Airways International canceled more than a dozen flights to and from Europe after Pakistan closed its airspace amid rising tensions with India.


from Reuters: Top News https://ift.tt/2NwNhTJ
via IFTTT
