Mozilla and BlackBerry grow Peach fuzz to catch software bugs

Software tool automates testing using 'fault injection'

TODO alt text

Mozilla has teamed up with BlackBerry to give developers and security professionals a new software tool for finding flaws in applications, programs or any areas of code.

Peach v2 is an open source software solution that uses fault injection (or 'fuzzing') techniques to automatically alert developers to potential security concerns.

Fuzzing involves deliberately placing (or 'injecting') garbled data into a specific application or program. If the software fails to properly handle the unexpected data, developers can identify potential security weaknesses and address them before users are put at risk.

In a company blogpost, Mozilla says it has used Peach to successfully perform fuzz testing in Firefox and Firefox OS against HTML features such as image formats, audio/video formats, fonts, multimedia APIs such as WebGL and WebAudio, in addition to the WebRTC protocol.

BlackBerry says it has long relied on "large scale automated testing" to identify security issues across its platform and regularly uses third party fuzzers, in addition to its own proprietary fuzzing tools, static analysis and vulnerability research, to identify and fix potential security holes.

Helpful Minion

Mozilla has also launched a second free open source security testing platform named Minion, aimed at helping developers and security professionals improve the security of their applications.

Rather than using automated testing, Minion is designed to produce fewer but more accurate streams of data to allow developers of all capabilities to spot potential security flaws.

Mozilla says it differs from other security tools that generate "excessive" amounts of data and require many hours of specialised research by a security profesional.