[FEATURE] OSS-FUZZ Integration

[TheCrott]

Hi @gunnsth

I want to offer free fuzzing integration with Google fuzzing service, OSS-Fuzz. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. OSS-Fuzz will:

• Continuously run at scale all the fuzzers you write.
• Alert you when it finds issues.
• Automatically close issues after they’ve been fixed by a commit.

Many widely used open source projects like OpenSSL, FFmpeg, LibreOffice, and ImageMagick are fuzzing via OSS-Fuzz, which helps them find and remediate critical issues.

This is a free offer from Google to make opensource library more secure. The interesting part is Google have a reward program upto $20k for successful integration.

Means we can get money after integration is done. I can help you write fuzzing harness and provide more corpus or seed data.

Thanks!

[github-actions[bot]]

Welcome! Thanks for posting your first issue. The way things work here is that while customer issues are prioritized, other issues go into our backlog where they are assessed and fitted into the roadmap when suitable. If you need to get this done, consider buying a license which also enables you to use it in your commercial products. More information can be found on https://unidoc.io/