OSS-Fuzz <https://github.com/google/oss-fuzz> is a Google service that continuously runs fuzz tests of critical F/OSS projects on a beefy cluster and reports its findings (bugs, vulnerabilities, etc.) privately to project maintainers. In #2949 <https://github.com/apache/logging-log4j2/pull/2949>, I implemented fuzz tests for Log4j 2 and their integration with OSS-Fuzz. I have documented the details in `FUZZING.adoc` <https://github.com/apache/logging-log4j2/blob/2.x/FUZZING.adoc>, e.g.,
- How can I run fuzz tests locally? - How can I view fuzzing failures detected by OSS-Fuzz? - How can I reproduce fuzzing failures detected by OSS-Fuzz? If you have any further questions, please let me know. If requested, I can also provide a walkthrough in the next PMC meeting.
