[ https://issues.apache.org/jira/browse/LOGGING-182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830484#comment-17830484 ]
Gary D. Gregory commented on LOGGING-182:
-----------------------------------------

Please use me as a contact :)

> Integrating commons-logging into oss-fuzz
> -----------------------------------------
>
> Key: LOGGING-182
> URL: https://issues.apache.org/jira/browse/LOGGING-182
> Project: Commons Logging
> Issue Type: Improvement
> Reporter: A. Schaich
> Priority: Minor
>
> Hi all,
> we have prepared the [Initial Integration|https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/f733d1401dd8cc14c3896100d056b656e9994230] of commons-logging into [Google OSS-Fuzz|https://github.com/google/oss-fuzz] which will provide more security for your project.
>
> *Why do you need Fuzzing?*
> The Code Intelligence JVM fuzzer [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has already found [hundreds of bugs|https://github.com/CodeIntelligenceTesting/jazzer#findings] in open source projects including for example [OpenJDK|https://nvd.nist.gov/vuln/detail/CVE-2022-21360], [Protobuf|https://nvd.nist.gov/vuln/detail/CVE-2021-22569] or [jsoup|https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c].
> Fuzzing proved to be very effective having no false positives. It provides a crashing input which helps you to reproduce and debug any finding easily. The integration of your project into the OSS-Fuzz platform will enable continuous fuzzing of your project by [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer].
>
> *What do you need to do?*
> The integration requires the maintainer or one established project committer to deal with the bug reports.
> You need to create or provide one email address that is associated with a google account as per [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/].
> When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, code coverage reports and fuzzer statistics. More than 1 person can be included.
>
> *How Code Intelligence can support?*
> We will continue to add more fuzz targets to improve code coverage over time. Furthermore, we are permanently enhancing fuzzing technologies by developing new fuzzers and more bug detectors.
>
> Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.

--
This message was sent by Atlassian Jira (v8.20.10#820010)