🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

We're happy to announce the completion of a fuzzing security audit done by ADA Logics and CNCF 🎉 Read the blog post here: blog.dapr.io/posts/2023/06/…

Fantastic security fuzzing audit for Dapr. From the report: "[The Ada Logics team] were impressed with the low count of issues found given the large number of fuzzers created. This is a testament to the well-written and well-maintained codebase of the Dapr project." 💪

The Notary Project recently worked with #CNCF and Ada Logics to perform the first security audit of the Notation libraries and CLI 🔐 7 issues were discovered and have all been fixed by project maintainers. Learn more about the findings on the blog 👉 cncf.io/blog/2023/07/1…

Fuzz Introspector is an open source tool that provides insights and suggestions for improvements on how software projects are being fuzzed David Korczynski & AdamKorcz take a look & share recent updates in our latest blog: openssf.org/blog/2023/07/2… #fuzzing

Excited to announce that the Crossplane 🔒security audit is officially complete - a major step to mature, harden, and grow enterprise confidence in the project. Thank you to ADA Logics, CNCF, and OSTIF Official. Blog post: bit.ly/3pYXXT7

SLSA announces “Build Your Own Builder” (BYOB) framework for GitHub Actions - designed to empower the community to create your own provenance builders & leverage the secure architecture of the official SLSA builders slsa.dev/blog/2023/08/b…

Awesome to see jq having the first release in almost 5 years -- release including OSS-Fuzz integration! github.com/jqlang/jq/rele… Continuous fuzzing is now securing a favourite json tool! Next up? Extend with more #fuzzing introspector.oss-fuzz.com/project-profil…

Kyverno completes fuzzing security audit cncf.io/blog/2023/09/1… via CNCF by AdamKorcz

Made a video on open source fuzzing introspection and how you can analyze the fuzzing set up of OSS-Fuzz projects using introspector.oss-fuzz.com -- youtu.be/RLoLfo2V2HI e.g. track coverage progress, find interesting targets and more!

Am excited to be going to #Kubecon alongside AdamKorcz next week and give a #fuzzing demo at the Security Hub! Come learn how to set up fuzzing and create a continuous fuzzing set up using OSS-Fuzz! kccncna2023.sched.com/event/1TxW4

[NEWS FROM #KUBECON] Learn about updates to #CNCF Fuzzing practices for 2023! Fuzzing is crucial for ensuring secure and reliable software 🔒 Recent updates include a new Fuzzing Handbook + 3 recent audits for #Dapr, #Kyverno + #Knative! Read more: cncf.io/blog/2023/11/0…

Excited to release a #CNCF #fuzzing handbook, focused on how to get started with fuzzing and includes an entire chapter on OSS-Fuzz and how to integrate open source projects for continuous fuzzing. Handbook available on GitHub: github.com/cncf/tag-secur…

OSS-Fuzz Visual Studio Code Extension Introduction! New extension that can significantly improve #fuzz dev experience. I made a demo in which I increase cJSON code coverage from 43% to 73% using convenient features from the extension: youtube.com/watch?v=7bvRbE…

The Kyverno project collaborated with ADA Logics OSTIF Official and CNCF to complete a comprehensive 3rd party security audit, and fix all issues found during the audit. cncf.io/blog/2023/12/0… #Kubernetes #Security

The beloved jq recently had the first release in almost 5 years github.com/jqlang/jq/issu… -- now with full continuous #fuzzing by way of #OSS-Fuzz 🥳🥳🥳

Thanks to ADA Logics for doing a security audit recently for Minder! They analyzed our threat model and vulnerable code patterns, so that we can make Minder even more secure. stacklok.com/blog/securing-… #cybersecurity

Second OSS-Fuzz blog post on fuzz harness generation for Java! blog.oss-fuzz.com/posts/introduc… We've been quiet for a while but have a few interesting posts coming in the pipeline about our research.

OSS-Fuzz-gen uses #LLMs for #fuzzing auto-harnessing, bug triaging and more. So far, real harnesses and real bugs on real projects. I made a short introduction video that shows the full OSS-Fuzz-gen workflow on a sample project youtube.com/watch?v=RR7CUy…

"Fuzz Introspector: enabling rapid fuzz introspection tool development" -- a new blog post on Fuzz Introspector and how it is moving into supporting analysis as a pure python library. adalogics.com/blog/fuzz-intr… Also, follow me bluesky: bsky.app/profile/davkor… #fuzzing

Auto generating #fuzzing harnesses by way of program analysis and #LLMs! New blog post "Minimal LLM-based fuzz harness generator": adalogics.com/blog/minimal-l… We show how you can generate a sophisticated fuzz harness synthesis tool with a few lines of code.