You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've recently become interested in folly. I'd like to suggest and champion an effort to set up some basic fuzz-testing and combine it with google/oss-fuzz for continuous fuzzing. I'm fully aware that you are very busy people and I don't want to overload your review/maintenance capacity. Is this a bad time to discuss potential security/reliability improvements?
If you're not familiar with fuzzing or oss-fuzz I've included a few brief notes below.
Benefits of Fuzz-Testing
Dynamic Code Testing: Fuzz-testing challenges systems with unexpected data, aiming to identify vulnerabilities or bugs. It’s akin to an exhaustive stress-test for the code.
Detecting Hidden Vulnerabilities: It can uncover potential weaknesses that may not be evident in routine tests.
Continuous and Automated Testing: With tools like Google’s OSS-Fuzz, fuzz-testing can be automated, running continuously on distributed systems, ensuring daily resilience checks.
Google/oss-fuzz for Continuous Fuzzing
Automated Fuzzing: OSS-Fuzz undertakes comprehensive fuzz-testing daily on a distributed cluster.
Detailed Reporting: OSS-Fuzz offers exhaustive reports in case of detected anomalies, enabling effective action.
I’d be more than happy to lead the effort in integrating fuzz testing with the folly and assist in any way required.
Prior integrations
There have been a number of previous integrations completed with facebook repositories and google/oss-fuzz including;
facebook/time
facebook/zstd
facebookexperimental/starlark-rust (this was me)
facebook/proxygen
facebook/hermes
facebook/rocksdb
As a proof of concept I created a couple of super simple fuzz harnesses for json.h and Format.h in #2120
The text was updated successfully, but these errors were encountered:
Hey folly team,
I've recently become interested in folly. I'd like to suggest and champion an effort to set up some basic fuzz-testing and combine it with google/oss-fuzz for continuous fuzzing. I'm fully aware that you are very busy people and I don't want to overload your review/maintenance capacity. Is this a bad time to discuss potential security/reliability improvements?
If you're not familiar with fuzzing or oss-fuzz I've included a few brief notes below.
Benefits of Fuzz-Testing
Google/oss-fuzz for Continuous Fuzzing
I’d be more than happy to lead the effort in integrating fuzz testing with the folly and assist in any way required.
Prior integrations
There have been a number of previous integrations completed with facebook repositories and google/oss-fuzz including;
As a proof of concept I created a couple of super simple fuzz harnesses for
json.h
andFormat.h
in #2120The text was updated successfully, but these errors were encountered: