Oss-fuzz integration
Maik Qualmann
metzpinguin at gmail.com
Thu Apr 2 18:31:24 BST 2020
Yes why not. Ok, we have to close all bugs, says Google. What about software
over which we have less influence, e.g. if the problem is in external
libraries?
Maik
Am Donnerstag, 2. April 2020, 10:04:25 CEST schrieb Gilles Caulier:
> Hi Adam,
>
> Thanks for your proposal. I know the fuzz process to inject random
> data stream in application components to see code quality. We plan to
> use this way in my office for certain libraries used internally.
>
> Maik,
>
> Perhaps we can make a try with digiKam, what do you think about this?
>
> Best
>
> Gilles Caulier
>
> Le jeu. 2 avr. 2020 à 03:54, Adam Korczynski <Adam at adalogics.com> a écrit :
> > Dear Digikam team,
> >
> > I am a security engineer at Adalogics, and I have been fuzzing your
> > software, Digikam in order to find bugs and vulnerabilities before
> > attackers do. From a high level point of view fuzzing is a process of
> > sending large amounts of pseudo random data to an application and observe
> > bug conditions. Your project would benefit from continuous fuzzing, and
> > you could achieve that through integrating with Google OSS-fuzz project.
> >
> > Integration of your project in OSS-fuzz means that Google runs our fuzzers
> > on their infrastructure and sends you report of any bugs that it finds.
> > You will receive these report automatically. The entire process is
> > provided by Google free of charge, and the only expectation from Googles
> > side is that you fix the bugs that they find and report to you.
> >
> > Let me know if you are interested in having Digikam fuzzed on the OSS-fuzz
> > platform, and I will commit the fuzzer I have for Digikam and integrate
> > it with the OSS-fuzz project.
> >
> > Kind regards
> > Adam Korczynski
> > Security Engineer, Adalogics, +447885484453
More information about the Digikam-devel
mailing list