At Google, we have found tens of thousands of security and robustness bugs by fuzzing C and C++ libraries. This talk covers the various aspects of one of the projects working on automated scalable techniques related to fuzzing at Google: how to fuzz, what to fuzz, and how to deal with discovered bugs. First, we present a distributed fuzzing infrastructure that allows us to cooperatively utilize multiple test generation techniques. Then, this talk will describe our FUDGE system for automated fuzz driver generation, which automatically generates fuzz driver candidates for libraries based on existing client code. Running large-scale fuzzing services also causes lots of bugs and vulnerabilities to be reported. This talk describes various techniques to provide feedback to developers to reduce the time a known security bug remains open. Finally, this talk will also highlight challenges and opportunities to incorporate security testing into the general software development workflow.