
List:       kandula-dev
Subject:    [jira] [Created] (AXIS2-6052) Integrating axis2 into oss-fuzz
From:       "A. Schaich (Jira)" <jira () apache ! org>
Date:       2023-01-16 9:59:56
Message-ID: JIRA.13519743.1673863200000.324003.1673863205783 () Atlassian ! JIRA

A. Schaich created AXIS2-6052:
---------------------------------

             Summary: Integrating axis2 into oss-fuzz
                 Key: AXIS2-6052
                 URL: https://issues.apache.org/jira/browse/AXIS2-6052
             Project: Axis2
          Issue Type: Improvement
            Reporter: A. Schaich


Hi all,

we have prepared the [Initial Integration|https://github.com/CodeIntelligenceTesting/oss-fuzz/tree/apache-axis2/projects/apache-axis2] of axis2 into [Google OSS-Fuzz|https://github.com/google/oss-fuzz] which will provide more security for your project.

*Why do you need Fuzzing?*
The Code Intelligence JVM fuzzer [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has already found [hundreds of bugs|https://github.com/CodeIntelligenceTesting/jazzer#findings] in open source projects including for example [OpenJDK|https://nvd.nist.gov/vuln/detail/CVE-2022-21360], [Protobuf|https://nvd.nist.gov/vuln/detail/CVE-2021-22569] or [jsoup|https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c]. Fuzzing proved to be very effective having no false positives. It provides a crashing input which helps you to reproduce and debug any finding easily. The integration of your project into the OSS-Fuzz platform will enable continuous fuzzing of your project by [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer].

*What do you need to do?*
The integration requires the maintainer or one established project committer to deal with the bug reports.

You need to create or provide one email address that is associated with a Google account as per [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/]. When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, code coverage reports and fuzzer statistics. More than 1 person can be included.

*How Code Intelligence can support?*
We will continue to add more fuzz targets to improve code coverage over time. Furthermore, we are permanently enhancing fuzzing technologies by developing new fuzzers and more bug detectors.

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
