[ https://issues.apache.org/jira/browse/BCEL-364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17607354#comment-17607354 ]
Gary D. Gregory commented on BCEL-364:
--------------------------------------
I agree. We don't need machine generated content dumped on our heads without
qualification.
> Integrating bcel into oss-fuzz
> ------------------------------
>
> Key: BCEL-364
> URL: https://issues.apache.org/jira/browse/BCEL-364
> Project: Commons BCEL
> Issue Type: Improvement
> Reporter: A. Schaich
> Priority: Minor
>
> Hi all,
> we have prepared the [Initial
> integration|https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/8e98d61d59164683ff72203b5aa6768cb3d68acb]
> of bcel into [Google OSS-Fuzz|https://github.com/google/oss-fuzz] which will
> provide more security for your project.
>
> *Why do you need Fuzzing?*
> The Code Intelligence JVM fuzzer
> [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has already found
> [hundreds of bugs|https://github.com/CodeIntelligenceTesting/jazzer#findings]
> in open source projects including for example
> [OpenJDK|https://nvd.nist.gov/vuln/detail/CVE-2022-21360],
> [Protobuf|https://nvd.nist.gov/vuln/detail/CVE-2021-22569] or
> [jsoup|https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c].
> Fuzzing proved to be very effective having no false positives. It provides a
> crashing input which helps you to reproduce and debug any finding easily. The
> integration of your project into the OSS-Fuzz platform will enable continuous
> fuzzing of your project by
> [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer].
>
> *What do you need to do?*
> The integration requires the maintainer or one established project committer
> to deal with the bug reports.
> You need to create or provide one email address that is associated with a
> google account as per
> [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/].
> When a bug is found, you will receive an email that will provide you with
> access to ClusterFuzz, crash reports, code coverage reports and fuzzer
> statistics. More than 1 person can be included.
>
> *How Code Intelligence can support?*
> We will continue to add more fuzz targets to improve code coverage over time.
> Furthermore, we are permanently enhancing fuzzing technologies by developing
> new fuzzers and more bug detectors.
>
> Please let me know if you have any questions regarding fuzzing or the
> OSS-Fuzz integration.