Continuous fuzzing #3038
Labels: area/build, type/feature, type/security
Summary
I have been fuzzing Argo, and I would like to contribute my fuzzer to Argo. The fuzzer runs locally, and I have managed to get it running on oss-fuzz's infrastructure as well. I would suggest that continuous fuzzing is implemented into Argo via oss-fuzz. This will allow the current fuzzer as well as all future fuzzers to run continuously in search of bugs.
Continuous fuzzing has been proven to find bugs over time. A bug took several CPU years of fuzzing to find.
If Argo is accepted into the oss-fuzz project and a bug is found, maintainers on the email list receive a detailed bug report. The service is offered free of charge with an implied expectation that the bugs are fixed, so that the resources spent on fuzzing Argo are put to good use.
I will be glad to implement Argo into oss-fuzz. All I need are the email addresses to add to the mailing list of the bug reports. This list is public and can be changed at any time.
Motivation
Fuzzing is a technique that has proven effective in finding bugs, including vulnerabilities.
Proposal
We take two steps:
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.