Oss-fuzz integration

Adam Korczynski Adam at Adalogics.com
Tue Mar 31 12:57:15 BST 2020


Dear Digikam team,

I am a security engineer at Adalogics, and I have been fuzzing your software, Digikam, in order to find bugs and vulnerabilities before attackers do. From a high-level point of view, fuzzing is a process of sending large amounts of pseudo-random data to an application and observing bug conditions. Your project would benefit from continuous fuzzing, and you could achieve that through integrating with Google's OSS-fuzz project.

Integration of your project in OSS-fuzz means that Google runs our fuzzers on their infrastructure and sends you reports of any bugs that it finds. You will receive these reports automatically. The entire process is provided by Google free of charge, and the only expectation from Google's side is that you fix the bugs that they find and report to you.

Let me know if you are interested in having Digikam fuzzed on the OSS-fuzz platform, and I will commit the fuzzer I have for Digikam and integrate it with the OSS-fuzz project.

Kind regards
Adam Korczynski
Security Engineer, Adalogics <https://adalogics.com/>, +447885484453