
So far, Project Wycheproof has uncovered more than 40 security bugs, Google said.
GoogleGoogle on Monday released Project Wycheproof it described as "a set of security tests that check cryptographic software libraries for known vulnerabilities."
In cryptography, Google said, small mistakes can lead to catastrophic consequences. The project aims to stem mistakes that "repeat too often" in open source cryptographic libraries. The software in these libraries is responsible for encrypting and securing data as it's stored on devices or travels across the internet.
Google thinks this is an achievable goal. That's why the project is named after Australia's Mount Wycheproof, the smallest registered mountain in the world. "The smaller the mountain, the easy it is to climb it," said Google in a security blog post.
Project Wycheproof currently includes 80 test cases and has uncovered more than 40 security bugs. The company said it welcomes external contribution to the project. Google also clarified the capability of the project, writing "passing the tests doesn't mean a library is completely secure, just that it isn't vulnerable to the attacks Project Wycheproof can detect"
Google also said Project Wycheproof saves time by letting developers and users quickly check their libraries against a large number of known attacks instead of having to sift through hundreds of academic papers for the same outcome.
Editor's note (6/13/2017): Updated with additional attribution.
Be respectful, keep it civil and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.