Thanks, existing fuzzers are the *_fuzzer.cpp files at: https://github.com/zeromq/libzmq/tree/master/tests
On Wed, 19 Oct 2022 at 16:04, Amir Montazery <[email protected]> wrote: > Of course, that is understandable. Thank you all for maintaining such an > important project despite your busy schedules! I hope we can find a way to > help make your lives easier. > > What we can contribute is a security review by an experienced team to > assess general design review; code quality, defensive programming, and best > practices, as well as opportunities to improve fuzzing. Additional fuzzers > can be built and the team can integrate the project to oss-fuzz for > continuous monitoring of security issues. Based on our experience, when > security teams have a line of contact with the project maintainers, they > can be guided and better utilized to help. > > I'm fairly certain that we can provide new fuzzers/test cases and will get > more specific details for you on that. > > Thank you! > Amir > > > > > > On Tue, Oct 18, 2022 at 3:26 PM Luca Boccassi <[email protected]> > wrote: > >> Hi, >> >> Thanks for the offer, but let's continue via mail please, we are all very >> busy as-is. >> >> What can you contribute, concretely? I have already set up fuzzing some >> time ago. Can you provide new fuzzers/test cases? If so that would be >> great, just send pull requests to the repository. >> >> On Wed, 12 Oct 2022 at 13:10, Amir Montazery <[email protected]> wrote: >> >>> We can help with whatever the project needs. The intention is to connect >>> the project maintainer(s)/contributor(s) with our security team (made up of >>> security experts and Google Open Source Security engineers) to help where >>> the project needs it most. We can help with bug fixes, security tooling i.e >>> fuzzing and developing fuzzers for the project, CI/CD, and anything else >>> that will help zeromq be more secure! >>> >>> Thankfully we have resources to help and are able to compensate >>> maintainer(s) who participate in the engagement to show our gratitude for >>> your time and efforts. >>> >>> I'd be happy to set up a quick introductory call with anyone interested >>> in learning more. >>> >>> Thank you and have a great day! >>> Amir >>> >>> On Tue, Oct 11, 2022 at 10:05 PM Luca Boccassi <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> What kind of support are you able to provide? >>>> >>>> On Tue, 11 Oct 2022 at 14:30, Amir Montazery <[email protected]> wrote: >>>> >>>>> Yes, I meant zeromq. Thank you Arnaud! That is my mistake. >>>>> >>>>> That’s great news, we have teams ready to help. Would you be a good >>>>> person to coordinate that with? If anyone else comes to mind to include >>>>> please let me know! >>>>> >>>>> I would be happy to set up a quick call to meet and discuss how we can >>>>> best be of service to the zeromq project. >>>>> >>>>> Thank you, >>>>> Amir >>>>> >>>>> On Tue, Oct 11, 2022 at 1:22 PM Arnaud Loonstra <[email protected]> >>>>> wrote: >>>>> >>>>>> Are you sure you are on the right list? This the zeromq list not >>>>>> dnsmasq. >>>>>> >>>>>> We'd appreciate any help for sure! >>>>>> >>>>>> Rg, >>>>>> >>>>>> Arnaud >>>>>> >>>>>> On 07-10-2022 21:46, Amir Montazery wrote: >>>>>> > Hello dnsmasq community! OSTIF would like to help improve your >>>>>> security >>>>>> > posture! >>>>>> > >>>>>> > I’m Amir from Open Source Technology Improvement Fund, Inc. OSTIF >>>>>> > <https://ostif.org/> is a nonprofit solely dedicated to helping >>>>>> open >>>>>> > source projects improve their security for free. >>>>>> > >>>>>> > We are working with a team of Google engineers and security experts >>>>>> to >>>>>> > help important open source projects like dnsmasq. This includes >>>>>> helping >>>>>> > improve testing, reviewing code, implementing more security tools, >>>>>> and >>>>>> > improving supply chain security. >>>>>> > >>>>>> > Additionally, we understand the time constraints that open source >>>>>> > contributors have, and would like to compensate contributors for >>>>>> their >>>>>> > time working with us. >>>>>> > >>>>>> > We would love to work with you! Please let me know who we should be >>>>>> > talking to and how we can help! >>>>>> > >>>>>> > Thank you in advance for your consideration! >>>>>> > >>>>>> > Best, >>>>>> > >>>>>> > Amir >>>>>> > >>>>>> > >>>>>> > -- >>>>>> > *Amir Montazery* >>>>>> > Managing Director >>>>>> > Open Source Technology Improvement Fund >>>>>> > https://ostif.org/ <https://ostif.org/> >>>>>> > https://calendly.com/ostif <https://calendly.com/ostif> >>>>>> > >>>>>> > >>>>>> > _______________________________________________ >>>>>> > zeromq-dev mailing list >>>>>> > [email protected] >>>>>> > https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>>>> _______________________________________________ >>>>>> zeromq-dev mailing list >>>>>> [email protected] >>>>>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>>>> >>>>> -- >>>>> *Amir Montazery* >>>>> Managing Director >>>>> Open Source Technology Improvement Fund >>>>> https://ostif.org/ >>>>> https://calendly.com/ostif >>>>> >>>>> _______________________________________________ >>>>> zeromq-dev mailing list >>>>> [email protected] >>>>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>>> >>>> _______________________________________________ >>>> zeromq-dev mailing list >>>> [email protected] >>>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>> >>> >>> >>> -- >>> *Amir Montazery* >>> Managing Director >>> Open Source Technology Improvement Fund >>> https://ostif.org/ >>> https://calendly.com/ostif >>> >>> _______________________________________________ >>> zeromq-dev mailing list >>> [email protected] >>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>> >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >> > > > -- > *Amir Montazery* > Managing Director > Open Source Technology Improvement Fund > https://ostif.org/ > https://calendly.com/ostif > > _______________________________________________ > zeromq-dev mailing list > [email protected] > https://lists.zeromq.org/mailman/listinfo/zeromq-dev >
_______________________________________________ zeromq-dev mailing list [email protected] https://lists.zeromq.org/mailman/listinfo/zeromq-dev
