Wrong link, this is the correct one: https://www.google.com/about/careers/applications/jobs/results/90765822003159750-software-engineering-intern-phd-summer-2025
Fuzzing on Google's Open Source Security Team. I work on ClusterFuzzLite/FuzzBench/OSS-Fuzz/ClusterFuzz. Speaking on behalf of myself, not my employer.
The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build something interesting that will have immediate impact on 1000+ open source projects. https://www.google.com/about/careers/applications/jobs/results/90765822003159750-software-engineering-intern-phd-summer-2025
We published more details about our LLM-based fuzz target generator, which found CVE-2024-9143 in OpenSSL
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Some teammates and I wrote a blog post on some ideas for AIxCC as we've been helping out a little.
I'm sure everyone will be surprised that it involves fuzzing!
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz:
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
#fuzzing
@lucasgonze Happy to. Sent you an email!
We published a blog post on some updates we have for OSS-Fuzz rewards: https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Deadline to express interest in our fuzzing competition is today. https://sbft23.github.io/tools/fuzzing Just apply if you're in doubt!
Calling all fuzzing engine developers: Join the SBFT competition for a chance at at least 11K. Deadline for expressing interest is Friday https://sbft23.github.io/tools/fuzzing
A while back, @metzman was kind enough to do some fuzzing of the skia graphics library with FTZ enabled. Sadly, it didn't find anything super exciting (just some null derefs, timeouts, and floating point div0s), but you can now see some of them here:
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=label:Proj-skia-ftz
We're doing the monthly fuzzing zoom at 1:30 PM EST https://zoom.us/j/99960722134?pwd=ZzZqdzY1eG9tMzQxWFI1Z0RhTkUxZz09 join us!
#fuzzing
@dmnk @aflplusplus Nice. This has been a dream feature of mine for a while!
Trying to fuzz ClusterFuzzLite using ClusterFuzzLite 😏
https://github.com/google/oss-fuzz/pull/8985
@dmnk @VishnyaSweet @anfedotoff @buherator Yup: https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan
I'm hoping to teach it to find more things soon. Open to ideas!
@thc 😬 Was it in this code? https://storage.googleapis.com/oss-fuzz-coverage/ghostscript/reports/20221031/linux/src/ghostpdl/pdf/report.html
For what it's worth ghostscript isn't using AFL++ in oss-fuzz https://github.com/google/oss-fuzz/blob/master/projects/ghostscript/project.yaml#L19