I have never used Fuzzit, but it looks and sounds like they are offering continuous fuzzing for open source projects free of charge which is super awesome!
If that is the case, my estimate would be that the primary gain would be to get more cpu power for the fuzzers. This would be a benefit for the project, since it has been proven to keep fuzzers running for longer periods. This bug <https://www.openssl.org/news/secadv/20170126.txt> for example took 3 CPU years of fuzzing to find. A suggestion could also be to try running the fuzzers on both platforms and get the benefits of both projects. We could see if this in practice reaps any practical benefits during the course of a trial period of a couple of months. On Wednesday, 13 May 2020 18:56:20 UTC+1, Julius Volz wrote: > > +cc Yevgeny from Fuzzit for comment > > Currently we are being fuzzed (also for free) by Fuzzit: > https://app.fuzzit.dev/orgs/prometheus - Yevgeny from Fuzzit initiated > that a while ago, and it has found a couple of bugs so far, thanks for that! > > @Adam: could you help us understand what oss-fuzz would give us beyond > that, maybe more fuzzing capacity or something like that? (I'm not a > fuzzing expert) > > On Wed, May 13, 2020 at 12:34 PM Adam Korczynski <ad...@adalogics.com > <javascript:>> wrote: > >> Dear all maintainers, >> >> This was a message sent to a few maintainers of Prometheus, and it was >> suggested by Julien to post it here. >> >> I see that Prometheus is being fuzzed. That is awesome! >> >> I would like to suggest integrating Prometheus into oss-fuzz. This will >> allow Google to run the current fuzzer and all future fuzzers on their >> infrastructure. If a bug is found, all maintainers on the contact list >> receive an email with a detailed bug report. >> The service is offered free of charge with an implied expectation that >> found bugs are fixed, so that the fuzzers can keep running continuously. >> >> I will be glad to integrate Prometheus into oss-fuzz. All I need are the >> email addresses of the maintainers to add to the contact list for the bug >> reports. >> >> Kind regards >> Adam Korczynski >> Security Engineer, Adalogics >> www.adalogics.com, +44 (0) 7885484453 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Prometheus Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to prometheus-developers+unsubscr...@googlegroups.com <javascript:> >> . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/prometheus-developers/d152d358-d67c-4300-8912-56d1689ec178%40googlegroups.com >> >> <https://groups.google.com/d/msgid/prometheus-developers/d152d358-d67c-4300-8912-56d1689ec178%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/4e6f34f6-96a2-4dbc-bfd3-ad67f284eee6%40googlegroups.com.
