Hi H2 Database developers, We ([LeeSinLiang](https://github.com/LeeSinLiang), and [Cen Zhang](https://github.com/occia), and a lot of our team members) are Team Atlanta from Georgia Institute of Technology, winners of DARPA's AI Cyber Challenge (AIxCC). We're reaching out to propose a security assessment collaboration with your project. This effort is recommended by DARPA's initiative to apply competition technologies to real-world open source projects.
#### Background We have built an AI-enhanced CRS (Cyber Reasoning System) for automatic vulnerability detection and repair. - AIxCC Competition: https://aicyberchallenge.com/ - Our Team: https://team-atlanta.github.io/ #### What we plan to provide - OSS-Fuzz Integration: - If your project isn't yet supported by [OSS-Fuzz](https://github.com/google/oss-fuzz), we'll develop compatible fuzzing harnesses to enable its integration. This can make our system applicable to your project. - Security Assessment: - We'll run assessments locally on our infrastructure (no changes/efforts from your side) to identify potential vulnerabilities and synthesize corresponding patches. - Detailed Reports: - For any findings, we'll provide reports including: 1) identified vulnerabilities and explanations, 2) the proof-of-concept (PoC) to trigger those vulnerabilities, and 3) corresponding patches. - Responsible Disclosure: - We'll follow your preferred reporting channels (private email, OSS-Fuzz bug report system, or whatever channel you prefer) and coordinate disclosure timelines with your team. Note that **all findings will be further manually validated by our researchers before reporting to ensure quality and accuracy**. #### What we need A brief acknowledgment confirming your willingness to collaborate. This will serve as approval for our assessment plans. Looking forward to your response and please let me know for any further issues/concerns! Best Regards, Cen -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/h2-database/e0106bb4-f1a7-4e38-ada1-67afb4fff4cbn%40googlegroups.com.
