ClusterFuzz: the Tool Google Uses to Security-Test Chrome
'ClusterFuzz' is an industrial-strength system the company uses to check for holes in the browser.
Since late last year, Google has been using an industrial-strength testing system to identify, analyze and fix security holes in its Chrome browser, helping it significantly cut down on the number of vulnerabilities that slip through to the most recent version product in production.
Google calls the system ClusterFuzz. It's made up of "several hundred" virtual machines loaded with about 6,000 Chrome instances, subjecting them to about 50 million test cases every day, the company said.
The system's capacity is projected to quadruple in the coming weeks. Since its full deployment late last year, ClusterFuzz has flagged 95 unique vulnerabilities, 44 of which were fixed before making it into the most recent stable release of the browser, according to a Google blog post.
In addition to benefiting users of the product, the detections also help open-source software used by Chrome like WebKit and FFmpeg, because Google submits vulnerability reports to their project teams.
In addition to running the tests and detecting browser crashes, ClusterFuzz is also used to manage the distribution of test cases, analyze the crashes to determine if they involve a security hole that can be exploited, and verify if a vulnerability has been properly fixed.
Emerson Network Power and NxtGen announced a partnership will help businesses leverage Emerson Network Power’s Smart Solutions infrastructure products with NxtGen’s On-Premises Datacenter services to quickly build and deploy datacenters and manage them effectively
Securing data has been the IT team’s headache since internet became a ‘phenomenon’ and now with the advent of new enterprise technologies/trends and increasing complexities, security should ideally be taking precedence.
With more than a billion monthly active users, it's easy to imagine that most of the data travelling over Facebook's networks is delivering photos, status updates and "likes" to its end users, but that's far from the case.
Java continues to be Public Enemy No. 1 when it comes to computer and network security. Oracle released a huge update for the virtually ubiquitous software, but attackers aren't done exploiting Java as the weakest link in the security chain, and Oracle isn't securing it fast enough.