It is SUGGESTED that at least one dynamic analysis tool be applied to any proposed major production release of the software before its release. #125014
Assignees
Labels
⏳
Bot is counting down the days until it unassigns the issue
infra: security
Security-related infra issues
Comments
godofredoc
changed the title
|
\cc @zanderso |
|
For the engine repo, this would be a heavy lift with a significant design component. There is no fast/easy way to do this. |
darshankawar
added
in triage
flutter-triage-bot
bot
added
the
⏳
|
This issue is assigned to @godofredoc but has had no recent status updates. Please consider unassigning this issue if it is not going to be addressed in the near future. This allows people to have a clearer picture of what work is actually planned. Thanks! |
|
Closing as not planned. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
[dynamic_analysis] A dynamic analysis tool examines the software by executing it with specific inputs. For example, the project MAY use a fuzzing tool (e.g., American Fuzzy Lop) or a web application scanner (e.g., OWASP ZAP or w3af). In some cases the OSS-Fuzz project may be willing to apply fuzz testing to your project. For purposes of this criterion the dynamic analysis tool needs to vary the inputs in some way to look for various kinds of problems or be an automated test suite with at least 80% branch coverage. The Wikipedia page on dynamic analysis and the OWASP page on fuzzing identify some dynamic analysis tools. The analysis tool(s) MAY be focused on looking for security vulnerabilities, but this is not required.
The text was updated successfully, but these errors were encountered: