Fuzzing Finds CVE in Spring.io

Code Intelligence's fuzzer, integrated into Google's OSS-Fuzz fuzzing platform, found a CVE in the Spring Framework that causes a denial of service (DoS) if exploited. Patches are available.

David Merian, published in System Weakness. 2 min read. Mar 23, 2023.


Google cares about open source security. They have skin in the game. I’ve written about this in the past. That’s why they built their fuzzing platform, OSS-Fuzz, reward contributors, and collaborate with partners to integrate more fuzzing capabilities…
