[libvirt] How about fuzz testing on oss-fuzz?
Daniel P. Berrange
berrange at redhat.com
Tue May 9 09:01:46 UTC 2017
On Fri, Mar 31, 2017 at 10:23:33AM +0200, Peter Krempa wrote:
> On Fri, Mar 31, 2017 at 03:57:41 -0400, Dan wrote:
> > Hi all,
> >
> > I have seen libxml2 has already been added as a project in oss-fuzz [1].
> > Any idea about libvirt? While we could do our own fuzzing of some form, do
> > we want to also try it out using google's free resource?
>
> The oss-fuzz project requires you to integrate the project with
> the libfuzz fuzzer in the first place so you have to make it run locally
> first anyways.
>
> Doing it on the oss-fuzz project is still the step after that.
FYI, google is now offering rewards to projects that integrate
with oss-fuzz
"To qualify for these rewards, a project needs to have a large
user base and/or be critical to global IT infrastructure.
Eligible projects will receive $1,000 for initial integration,
and up to $20,000 for ideal integration (the final amount is
at our discretion). You have the option of donating these
rewards to charity instead, and Google will double the amount."
I'd like to think libvirt qualifies under "large user base" and
"critical to global IT" given prevelance of the cloud these days,
but no guarantees
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
Not that libvirt really has any current need for monetary funds. If it ever
came to pass, we could just have a poll amongst active contributors to
vote on suggestions of what todo with it (donate it, spend it, fund something,
etc).
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list