Oliver Chang

Really excited to finally announce CodeMender! As part of this we've already submitted and upstreamed several patches to OSS projects via OSS-Fuzz. Check out our post at: https://t.co/qgnroQyIzN There will be more technical details and exciting announcements to come!

Software vulnerabilities can be notoriously time-consuming for developers to find and fix. Today, we’re sharing details about CodeMender: our new AI agent that uses Gemini Deep Think to automatically patch critical software vulnerabilities. 🧵

OSV-Scanner has just released the first beta for V2, a major update that includes significant new features, including layer-aware container scanning, remediation for pom.xml, new HTML output and more. https://t.co/kkPK2KHBTk Please try it out and give us feedback!

https://t.co/MJrSrcgXqC Awesome blog on how we’re using SLSA to make GKE more secure for our customers!

Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT https://t.co/Xk95hlSQwd

The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build the future of fuzzing. Link in next tweet in thread. RTs appreciated!

Happy new year! OSV had a lot of great progress in 2024, from new ecosystem adoption, API improvements, and scanner feature development! We just published a blog about these and our 2025 plans here: https://t.co/7vRkoPHZfO !

New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. https://t.co/ewCUmtRs6P

Red Hat joins OSV! https://t.co/M6yDyTwMpE Combined with Ubuntu, Chainguard, and SUSE adopting OSV this year, https://t.co/JhJ5uLdAjV has really started to become a comprehensive vulnerability source for not only language packages, but also Linux distros!

CVE-2024-9143 (https://t.co/ApXML9Eiuv) was disclosed recently, which was found by OSS-Fuzz-Gen! This is a pretty proud example of our team showing the promise of leveraging LLMs enable more fuzzing coverage.

OSV support announced in the latest Ubuntu 24.10 release! This year has seen OSV adoption from many Linux distributions, and the https://t.co/JhJ5uLd2un database is starting to become a really comprehensive source of accurate vuln info across major open source ecosystems!

One week later the bug count is now at 25 bugs total (https://t.co/sjDnDMze7e) There's still many improvements to be made to improve success rate of generated targets, but we now have the problem of too many crashes to triage. Automating this will a focus of our future research.