OSS-Fuzz <https://github.com/google/oss-fuzz> is a Google service that
continuously runs fuzz tests of critical F/OSS projects on a beefy cluster
and reports its findings (bugs, vulnerabilities, etc.) privately to project
maintainers. In #411 <https://github.com/apache/logging-log4cxx/pull/411>,
I implemented fuzz tests for Log4j 2 and their integration with OSS-Fuzz. I
have documented the details in `fuzzing.md`
<https://github.com/apache/logging-log4cxx/blob/fuzzing/src/site/markdown/development/fuzzing.md>, e.g.,

   - Running fuzz tests locally
   - Viewing fuzzing failures detected by OSS-Fuzz
   - Reproducing fuzzing failures detected by OSS-Fuzz

If you have any further questions, please let me know. If requested, I can
also provide a walkthrough in the next PMC meeting.
