Open DavidKorczynski opened 3 months ago
An example OSS-Fuzz project that has low coverage (5% at the time of writing https://introspector.oss-fuzz.com/project-profile?project=neomutt and https://storage.googleapis.com/oss-fuzz-coverage/neomutt/reports/20240716/linux/report.html) but a wealth of tests that can be converted: https://github.com/neomutt/neomutt/tree/main/test
Option (1) above has been implemented in https://github.com/google/oss-fuzz-gen/pull/495
Test-to-harness conversion by way of LLM sounds like an interesting avenue and is very commonly an approach taken by security engineers when first approaching a given project.
I see multiple steps:
1) Enable in experimental without use of FI
2) Enable in core without use of FI
3) Assess quality overall
4) See if improvements can be made using more program analysis data by way of FI
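As an added illustration of what test-to-harness conversion means in practice (this is example code written for this note, not code from oss-fuzz-gen or from neomutt's test suite), the block below pairs a conventional unit test with the libFuzzer harness one would derive from it. The library function `parse_kv`, the test `test_parse_kv_basic`, the helper `parse_kv_accepts` and the sample inputs are all hypothetical and constructed here; the point is the mechanical transformation: the fixed input becomes the fuzzer-provided buffer, exact-value assertions that only hold for that one input are dropped, and the property checks that hold for every input are kept as the oracle.

```c
// Added example (not from oss-fuzz-gen or neomutt): a hypothetical unit test
// and the fuzz harness derived from it, to show test-to-harness conversion.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical library function under test (constructed for this example):
 * split "key=value" into two NUL-terminated buffers.
 * Returns 1 on success, 0 on malformed or oversized input. */
int parse_kv(const char *line, size_t len, char *key, size_t keycap,
             char *val, size_t valcap)
{
    const char *eq = len ? memchr(line, '=', len) : NULL;
    if (!eq) return 0;
    size_t klen = (size_t)(eq - line);
    size_t vlen = len - klen - 1;
    if (klen == 0 || klen >= keycap || vlen >= valcap) return 0;
    memcpy(key, line, klen);
    key[klen] = '\0';
    memcpy(val, eq + 1, vlen);
    val[vlen] = '\0';
    return 1;
}

/* Convenience wrapper used by the driver and the checks below. */
int parse_kv_accepts(const char *s)
{
    char key[16], val[16];
    return parse_kv(s, strlen(s), key, sizeof key, val, sizeof val);
}

/* The unit test as a project would typically write it: one fixed input,
 * exact expected outputs. Returns 1 on pass, 0 on fail. */
int test_parse_kv_basic(void)
{
    char key[16], val[16];
    const char *in = "From=alice";
    if (!parse_kv(in, strlen(in), key, sizeof key, val, sizeof val)) return 0;
    if (strcmp(key, "From") != 0) return 0;
    if (strcmp(val, "alice") != 0) return 0;
    return 1;
}

/* The converted libFuzzer harness. What changed relative to the test:
 *  - the fixed string "From=alice" became the fuzzer-provided (data, size);
 *  - the checks key == "From" / val == "alice" were dropped, because they
 *    only hold for that one input and would make every other input "fail";
 *  - invariants that hold for any accepted input stay as the oracle: both
 *    outputs are NUL-terminated within capacity, and key '=' val
 *    reassembles to exactly the input. Violations abort so the fuzzer
 *    (or a sanitizer) records them as crashes. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    char key[16], val[16];
    if (!parse_kv((const char *)data, size, key, sizeof key, val, sizeof val))
        return 0; /* rejected input: nothing to check */

    const char *kend = memchr(key, '\0', sizeof key);
    const char *vend = memchr(val, '\0', sizeof val);
    if (!kend || !vend) abort(); /* not NUL-terminated within the buffer */
    size_t klen = (size_t)(kend - key);
    size_t vlen = (size_t)(vend - val);

    if (klen + 1 + vlen != size) abort();
    if (memcmp(data, key, klen) != 0 || data[klen] != '=' ||
        memcmp(data + klen + 1, val, vlen) != 0)
        abort();
    return 0;
}

/* Stand-alone driver: runs the unit test, then feeds the harness a few
 * constructed inputs (empty, no '=', empty key, empty value, oversized key)
 * the way a fuzzer would, minus the coverage-guided mutation. */
int main(void)
{
    const char *samples[] = { "From=alice", "", "nokey", "=", "k=",
                              "toolongkeyxxxxxxxxxxxxxxx=v" };
    size_t n = sizeof samples / sizeof samples[0];
    printf("unit test: %s\n", test_parse_kv_basic() ? "pass" : "fail");
    for (size_t i = 0; i < n; i++)
        LLVMFuzzerTestOneInput((const uint8_t *)samples[i], strlen(samples[i]));
    printf("harness ran %zu constructed samples without aborting\n", n);
    return 0;
}
```

Build with `clang -fsanitize=fuzzer,address` (dropping `main`) to run it as a real libFuzzer target; the driver above only exists so the file compiles and runs on its own. The conversion pattern is the same for any test that exercises a parser: keep the structural invariants, discard the literal expectations.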