Yeah, that sounds good to me in any case, thanks! How frequently would this send emails? Only if a bug was found, or also other reports? If it's only bugs, you could have it send emails to [email protected].
On Thu, May 14, 2020 at 3:48 PM Adam Korczynski <[email protected]> wrote: > I have never used Fuzzit, but it looks and sounds like they are offering > continuous fuzzing for open source projects free of charge which is super > awesome! > > If that is the case, my estimate would be that the primary gain would be > to get more cpu power for the fuzzers. > > This would be a benefit for the project, since it has been proven to keep > fuzzers running for longer periods. This bug > <https://www.openssl.org/news/secadv/20170126.txt> for example took 3 CPU > years of fuzzing to find. > > A suggestion could also be to try running the fuzzers on both platforms > and get the benefits of both projects. We could see if this in practice > reaps any practical benefits during the course of a trial period of a > couple of months. > > On Wednesday, 13 May 2020 18:56:20 UTC+1, Julius Volz wrote: >> >> +cc Yevgeny from Fuzzit for comment >> >> Currently we are being fuzzed (also for free) by Fuzzit: >> https://app.fuzzit.dev/orgs/prometheus - Yevgeny from Fuzzit initiated >> that a while ago, and it has found a couple of bugs so far, thanks for that! >> >> @Adam: could you help us understand what oss-fuzz would give us beyond >> that, maybe more fuzzing capacity or something like that? (I'm not a >> fuzzing expert) >> >> On Wed, May 13, 2020 at 12:34 PM Adam Korczynski <[email protected]> >> wrote: >> >>> Dear all maintainers, >>> >>> This was a message sent to a few maintainers of Prometheus, and it was >>> suggested by Julien to post it here. >>> >>> I see that Prometheus is being fuzzed. That is awesome! >>> >>> I would like to suggest integrating Prometheus into oss-fuzz. This will >>> allow Google to run the current fuzzer and all future fuzzers on their >>> infrastructure. If a bug is found, all maintainers on the contact list >>> receive an email with a detailed bug report. >>> The service is offered free of charge with an implied expectation that >>> found bugs are fixed, so that the fuzzers can keep running continuously. >>> >>> I will be glad to integrate Prometheus into oss-fuzz. All I need are the >>> email addresses of the maintainers to add to the contact list for the bug >>> reports. >>> >>> Kind regards >>> Adam Korczynski >>> Security Engineer, Adalogics >>> www.adalogics.com, +44 (0) 7885484453 >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Prometheus Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/prometheus-developers/d152d358-d67c-4300-8912-56d1689ec178%40googlegroups.com >>> <https://groups.google.com/d/msgid/prometheus-developers/d152d358-d67c-4300-8912-56d1689ec178%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/4e6f34f6-96a2-4dbc-bfd3-ad67f284eee6%40googlegroups.com > <https://groups.google.com/d/msgid/prometheus-developers/4e6f34f6-96a2-4dbc-bfd3-ad67f284eee6%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CA%2BT6YoyEVk7pg6WoLSbgXH4g2OMYOGe86UgLL%2BMZqKXjbAGUDQ%40mail.gmail.com.
