Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Code Intelligence is adding support for JavaScript into OSS-Fuzz, Google’s platform for continuous fuzzing for open-source software.
JavaScript is one of the most widely used programming languages, especially in the context of web applications. However, security testing for the JavaScript landscape is insufficient, due to a lack of reliable security tools and good integration to common development environments. As part of Code Intelligence's initiative to develop advanced fuzzing and bug detection capabilities for memory-safe languages, it recently released Jazzer.js, a state-of-the-art fuzz testing engine that brings the advancements of white-box fuzzing into the JavaScript ecosystem.
The integration of Jazzer.js into OSS-Fuzz will be the second major language integration from Code Intelligence into Google’s open-source security testing service, for which Code Intelligence provides a complete and advanced fuzzing and bug detection solution. The company’s previous fuzz testing integration into OSS-Fuzz, for Java projects, has already contributed to finding over 500 critical bugs and security vulnerabilities, including remote code execution (such as Log4Shell), Cross-Site Scripting, and injections.
OSS-Fuzz integrates advanced, industry-standard fuzzing technologies for the languages it supports. As part of their collaboration, Code Intelligence has been a strong contributor to OSS-Fuzz for memory-safe languages, such as Java and Go:
“We’ve continuously made improvements to OSS-Fuzz’s infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest.” says Oliver Chang, Senior Staff Engineer at Google’s OSS Fuzzing Team. “Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.”
Jazzer.js is free, open-source, and offers a Jest testing framework integration, so developers can write fuzz tests as easily as unit tests. Furthermore, Jazzer.js is released into the node package manager (npm) so that it is easily accessible by developers. As a result, developers can benefit from excellent integration into their integrated development environments (IDEs), such as IntelliJ and Visual Studio Code, out-of-the-box.
“Our mission is to give every developer the necessary tools to write more secure code.”, says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “I’m very glad about the collaboration with Google’s Open-Source Security Team. This will help in making the JavaScript ecosystem more reliable and secure.”
Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js.
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.