Oss-fuzz integration

Gilles Caulier caulier.gilles at gmail.com
Thu Apr 2 09:04:25 BST 2020


Hi Adam,

Thanks for your proposal. I know the fuzz process of injecting random
data streams into application components to see code quality. We plan to
use it this way in my office for certain libraries used internally.

Maik,

Perhaps we can give it a try with digiKam; what do you think about this?

Best

Gilles Caulier

On Thu, 2 Apr 2020 at 03:54, Adam Korczynski <Adam at adalogics.com> wrote:
>
> Dear Digikam team,
>
> I am a security engineer at Adalogics, and I have been fuzzing your software, Digikam, in order to find bugs and vulnerabilities before attackers do. From a high-level point of view, fuzzing is a process of sending large amounts of pseudo-random data to an application and observing bug conditions. Your project would benefit from continuous fuzzing, and you could achieve that through integrating with Google's OSS-fuzz project.
>
> Integration of your project in OSS-fuzz means that Google runs our fuzzers on their infrastructure and sends you reports of any bugs that it finds. You will receive these reports automatically. The entire process is provided by Google free of charge, and the only expectation from Google's side is that you fix the bugs that they find and report to you.
>
> Let me know if you are interested in having Digikam fuzzed on the OSS-fuzz platform, and I will commit the fuzzer I have for Digikam and integrate it with the OSS-fuzz project.
>
> Kind regards
> Adam Korczynski
> Security Engineer, Adalogics, +447885484453


More information about the Digikam-devel mailing list