Henry Lin created CALCITE-5781:
----------------------------------

             Summary: Integrating Apache Calcite into OSS-Fuzz
                 Key: CALCITE-5781
                 URL: https://issues.apache.org/jira/browse/CALCITE-5781
             Project: Calcite
          Issue Type: Test
            Reporter: Henry Lin


Hi all,

We have prepared the [initial 
integration|https://github.com/google/oss-fuzz/pull/10536] of Apache Calcite 
into [Google OSS-Fuzz|https://github.com/google/oss-fuzz] which will provide 
more security for your project.

 

*Why do you need Fuzzing?*
The Code Intelligence JVM fuzzer 
[Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has already found 
[hundreds of 
bugs|https://github.com/CodeIntelligenceTesting/jazzer/blob/main/docs/findings.md]
in open source projects including, for example, 
[OpenJDK|https://nvd.nist.gov/vuln/detail/CVE-2022-21360], 
[Protobuf|https://nvd.nist.gov/vuln/detail/CVE-2021-22569] or 
[jsoup|https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c]. 
Fuzzing proved to be very effective, having no false positives. It provides a 
crashing input which helps you to reproduce and debug any finding easily. The 
integration of your project into the OSS-Fuzz platform will enable continuous 
fuzzing of your project by 
[Jazzer|https://github.com/CodeIntelligenceTesting/jazzer].

 

*What do you need to do?*
The integration requires the maintainer or one established project committer to 
deal with the bug reports.

You need to create or provide one email address that is associated with a 
Google account as per 
[here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/].
When a bug is found, you will receive an email that will provide you with 
access to ClusterFuzz, crash reports, code coverage reports and fuzzer 
statistics. More than 1 person can be included.

 

*How can Code Intelligence support you?*
We will continue to add more fuzz targets to improve code coverage over time. 
Furthermore, we are permanently enhancing fuzzing technologies by developing 
new fuzzers and bug detectors.

 

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz 
integration.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
