Hi Andrea, +1 from me and I agree that it can help us uncover bugs and vulnerabilities.
Kind regards On Wed, Jul 5, 2023 at 5:08 PM Andrea Cosentino <anco...@gmail.com> wrote: > As far as I know, we need to provide a PR on their repository with some > configuration (YAML) and a build file. > > They will build the project and attempt to fuzz in an automated way. > > So in our repositories nothing should be changed. > > Il giorno mer 5 lug 2023 alle ore 16:39 Pasquale Congiusti < > pasquale.congiu...@gmail.com> ha scritto: > > > Hi Andrea, > > any automation that helps us in having a better quality of software is > > definitely good IMO. What it's not really clear to me is what kind of > > additional development we should do and how much could be the cost of > > maintenance if we include the project. > > > > Thanks, > > Pasquale. > > > > On Tue, Jul 4, 2023 at 4:43 PM Andrea Cosentino <anco...@gmail.com> > wrote: > > > > > Hello all, > > > > > > I was investigating Fuzzing and all the related tools today. > > > > > > I was already aware about OSSFuzz project and I verified some other > > Apache > > > Projects are already included [1] > > > > > > With this integration the project could be part of Fuzzing automation > and > > > get some report as Vulnerabilities or bugs. > > > > > > I think there is value in this kind of report, so I'd like to gather > some > > > more feedback and see if there is interest in the community. > > > > > > Thanks. > > > > > > [1] https://github.com/google/oss-fuzz/tree/master/projects > > > > > > -- Otavio R. Piske http://orpiske.net
