Date: Thu, 20 Nov 2014 20:18:15 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Fuzzing project brainstorming On Fri, 21 Nov 2014 05:30:36 +1300 Amos Jeffries <squid3@...enet.co.nz> wrote: > Since they are coming from fuzzing a copy of the exact input which led > to it is also valuable. There is nothing worse than having to guess at > what might have led to a crash when the input could literally have > been anything at all. I see it pretty much as a given condition that you give the copy of the crashing input to the upstream devs. I can hardly think of a reason not to do so (the only thing that comes to mind are confidential or copyrighted files, I try to make sure I always start fuzzing with inputs that are freely licensed or created by myself to avoid that). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.