Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Jun 2019 16:34:38 +0200
From: Florian Weimer <fweimer@...hat.com>
To: "Stuart D. Gathman" <stuart@...hman.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz

* Stuart D. Gathman:

> Question: is fuzzing useful for languages like Java/python?

Fuzzing is used to show that a function is partial, when it is expected
to be total.  That can be useful with any language which has partial
functions.

If anything, it should be easier with Java and Python because these
languages have many more language-defined checks causing abnormal
function termination, while with C code, you have to inject such checks
with complicated instrumentation.

Thanks,
Florian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.