Apache OpenOffice Community Forum

Italo Vignoli at documentfoundation.org on May 23, 2017 wrote:LibreOffice is the first free office suite in the marketplace to leverage Google’s OSS-Fuzz. The service, which is associated with other source code scanning tools such as Coverity, has been integrated into LibreOffice’s security processes – under Red Hat’s leadership – to significantly improve the quality of the source code.

According to Coverity Scan’s last report, LibreOffice has an industry leading defect density of 0.01 per 1,000 lines of code (based on 6,357,292 lines of code analyzed on May 15, 2017). “We have been using OSS-Fuzz, like we use Coverity, to catch bugs – some of which may turn into security issues – before the release. So far, we have been able to solve all of the 33 bugs identified by OSS-Fuzz well in advance over the date of disclosure”, says Red Hat’s Caolán McNamara, a senior developer and the leader of the security team at LibreOffice.

Phil Muncaster at infosecurity-magazine.com on 9 May 2017 wrote:Google is urging more members of the open source community to get on board with its OSS-Fuzz initiative designed to make software more secure, after revealing the discovery of over 1000 bugs in the past five months.
OSS-Fuzz was launched in a bid to encourage more open source developers to use the fuzz testing techniques which Google claims it has employed to spot hundreds of security and stability issues in Chrome.
The automated bot army which powers OSS-Fuzz processes 10 trillion test inputs a day and in doing so, has found 264 potential security vulnerabilities in 47 open source projects over the past five months, Google claimed in a blog post.
These include: 10 in FreeType2, 17 in FFmpeg, 33 in LibreOffice, 8 in SQLite 3, 10 in GnuTLS, 25 in PCRE2, 9 in gRPC, and 7 in Wireshark.