You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have some moral/privacy issues with using a google server to find vulns. But if you want to take it up for it DM me on matrix we can try to come up with something.
I have some moral/privacy issues with using a google server to find vulns. But if you want to take it up for it DM me on matrix we can try to come up with something.
But very against using a centralized google service (And the accepting their rules) for fuzzing.
Not sure you have actually read the google rules. They have some restrictive policies.
eg:
Once a project is signed up for OSS-Fuzz, it is automatically subject to the 90-day disclosure deadline for newly reported bugs in our tracker. This matches industry’s best practices and improves end-user security and stability by getting patches to users faster.
While 90 day disclosure period is fine for normal software if something requires a consensus change we cant get it done in 90 days.. So then it would require some patch work and multiple fixes. We will be working on their timeline instead of our own.
Enable Fuzz testing with
oss-fuzz
https://github.com/google/oss-fuzz , the oss-fuzz helped to identify with ethereum DoS https://adalogics.com/blog/the-importance-of-continuity-in-fuzzing-cve-2020-28362The text was updated successfully, but these errors were encountered: