search

dhbaird / easywsclient

A short and sweet WebSocket client for C++
MIT License
741 stars 205 forks source link

Integrating with OSS-Fuzz #90

Closed Google-Autofuzz closed 4 years ago

Google-Autofuzz commented 4 years ago

Greetings easywsclient developers and contributors,

We’re reaching out because your project is an important part of the open source ecosystem, and we’d like to invite you to integrate with our fuzzing service, OSS-Fuzz. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. OSS-Fuzz will:

Many widely used open source projects like OpenSSL, FFmpeg, LibreOffice, and ImageMagick are fuzzing via OSS-Fuzz, which helps them find and remediate critical issues.

Even though typical integrations can be done in < 100 LoC, we have a reward program in place which aims to recognize folks who are not just contributing to open source, but are also working hard to make it more secure.

We want to stress that anyone who meets the eligibility criteria and integrates a project with OSS-Fuzz is eligible for a reward.

To help you getting started, we can attach our internal fuzzer for your project that you are welcome to use directly, or to use it as a starting point.

If you're not interested in integrating with OSS-Fuzz, it would be helpful for us to understand why—lack of interest, lack of time, or something else—so we can better support projects like yours in the future.

If we’ve missed your question in our FAQ, feel free to reply or reach out to us at oss-fuzz-outreach@googlegroups.com.

Thanks!

Tommy OSS-Fuzz Team

Google-Autofuzz commented 4 years ago

We can also help by starting the OSS-Fuzz integration process for you if lack of time. We just need a google email from you to send bugs to you when libfuzzer finds any.

dhbaird commented 4 years ago

This sounds great. What step would you like me to take to get started? Thanks.

Google-Autofuzz commented 4 years ago

Here is the link to how to set up a new project to OSS-Fuzz: https://github.com/google/oss-fuzz/tree/master/projects Please don't hesitate to ask questions or concerns if you need help. Thanks. @dhbaird

dhbaird commented 4 years ago

I want to do this, but have been swamped in other work. It may be better if you can do the setup steps for me, that you mentioned. You can use this email address: dhbaird@gmail.com. Thanks.

Google-Autofuzz commented 4 years ago

Easywsclient has been PR to OSS-Fuzz (https://github.com/google/oss-fuzz/pull/3126). Please take a look and make any changes or add fuzzers as you like. I think it makes sense to close this issue now.