FYI: Fuzzing for CNCF Projects


Chris Aniszczyk
 

Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)


Lorenzo Fontana <fontanalorenz@...>
 

Thanks for sharing, this is a very useful initiative Chris.

I’ve been thinking about doing a proposal for the Falco project to adopt syzkaller[0] to perform continuous fuzzing of the inputs/language parser.

I’ll bring up this topic at the next Falco community call to see what other maintainers think.  

Thanks again for sharing!

Lore


On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote:
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)
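
The kind of fuzz target the thread is talking about, as an added illustration rather than code from fluent-bit, Falco or any other CNCF project: an OSS-Fuzz/libFuzzer-style entry point (`LLVMFuzzerTestOneInput`) wrapped around a small, invented key=value line parser. The parser, its fixed buffer sizes and the `KV_STANDALONE_MAIN` build switch are assumptions made up for this example; the harness itself follows the libFuzzer contract (raw bytes in, return 0), including the step that fuzzing most often catches people out on, which is that fuzzer input is not NUL-terminated.

```c
// Added example: libFuzzer/OSS-Fuzz style harness around a toy parser.
// Not code from fluent-bit, Falco or any CNCF project; the parser and
// its limits (MAX_PAIRS, MAX_KEY, MAX_VAL) are invented for illustration.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAIRS 8
#define MAX_KEY   32
#define MAX_VAL   64

typedef struct {
    char key[MAX_KEY];
    char val[MAX_VAL];
} kv_pair;

typedef struct {
    size_t  count;
    kv_pair pairs[MAX_PAIRS];
} kv_list;

/* Copy n bytes of src into dst (capacity cap) and NUL-terminate.
 * Returns 0 on success, -1 if the token would not fit: the parser
 * rejects oversized tokens rather than truncating them silently. */
static int copy_token(char *dst, size_t cap, const char *src, size_t n) {
    if (n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "k1=v1,k2=v2" into out. Returns the number of pairs parsed,
 * or -1 on malformed input (missing '=', empty key, too many pairs,
 * token longer than its buffer). Every length is bounds-checked. */
int parse_kv_line(const char *line, kv_list *out) {
    const char *p = line;
    out->count = 0;
    while (*p != '\0') {
        if (out->count >= MAX_PAIRS) return -1;
        const char *end = strchr(p, ',');          /* end of this pair */
        if (end == NULL) end = p + strlen(p);
        const char *eq = memchr(p, '=', (size_t)(end - p));
        if (eq == NULL || eq == p) return -1;      /* no '=' or empty key */
        kv_pair *kv = &out->pairs[out->count];
        if (copy_token(kv->key, MAX_KEY, p, (size_t)(eq - p)) != 0) return -1;
        if (copy_token(kv->val, MAX_VAL, eq + 1, (size_t)(end - eq - 1)) != 0) return -1;
        out->count++;
        p = (*end == ',') ? end + 1 : end;
    }
    return (int)out->count;
}

/* libFuzzer entry point, the same symbol an OSS-Fuzz build links against.
 * The fuzzer hands over raw bytes with no terminator, so they are copied
 * into a heap buffer of exactly size+1 bytes before reaching any string
 * API; with -fsanitize=address a read past that buffer is reported. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char *line = malloc(size + 1);
    if (line == NULL) return 0;
    memcpy(line, data, size);
    line[size] = '\0';
    kv_list out;
    (void)parse_kv_line(line, &out);
    free(line);
    return 0;   /* libFuzzer requires 0; other values are reserved */
}

/* Optional stand-alone driver: replays crash/reproducer files through the
 * harness without libFuzzer. Guarded because -fsanitize=fuzzer supplies main. */
#ifdef KV_STANDALONE_MAIN
int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        if (f == NULL) continue;
        uint8_t buf[4096];
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        LLVMFuzzerTestOneInput(buf, n);
        printf("%s: ok\n", argv[i]);
    }
    return 0;
}
#endif
```

Build the fuzzer with `clang -g -O1 -fsanitize=fuzzer,address harness.c -o harness` and run `./harness corpus/`; the same source compiled with `-DKV_STANDALONE_MAIN` (and no `-fsanitize=fuzzer`) replays the files the fuzzer saves on a crash, which is the loop a project ends up in once OSS-Fuzz starts filing reports.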


Katie Gamanji
 

That's a very insightful report! Would be great to see more CNCF projects using fuzzing integration to simplify vulnerability scanning and bug fixing.


On Mon, Jan 4, 2021 at 10:04 PM Lorenzo Fontana <fontanalorenz@...> wrote:
Thanks for sharing, this is a very useful initiative Chris.

I’ve been thinking about doing a proposal for the Falco project to adopt syzkaller[0] to perform continuous fuzzing of the inputs/language parser.

I’ll bring up this topic at the next Falco community call to see what other maintainers think.  

Thanks again for sharing!

Lore

[0]:  https://syzkaller.appspot.com/

On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote:
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)