[mapserver-dev] Fuzzing MapServer
Steve Lime
sdlime at gmail.com
Thu Apr 15 10:28:50 PDT 2021
I hear what you're saying from a release standpoint. I guess I could have
said "initiate a fuzzing effort" as part of the 8.0 release. I like
your idea to concentrate on the query string, that represents a pretty big
surface depending what the fixed mapfile contains. With oss-fuzz there's a
time limit on certain types of bugs before public disclosure, correct?
That's a bit worrisome if you got slammed and nobody was available to
address bugs.
Are there alternatives to oss-fuzz that could be considered (Seth
referenced one of them)?
Funding would be great although our only source of $'s at the moment is the
OSGeo project budget which is really small and partially committed to the
TravisCI subscription. Unless there's someone out there that's listening
that would like to fund an effort like this. It's definitely something I'd
like to work on.
--Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20210415/1811d13b/attachment-0001.html>
More information about the mapserver-dev
mailing list