Dear community! Thanks for your incredible support so far. With great OSS projects that use our platform like systemd, radare2, apache-arrow, syzkaller and many others we want to announce a reward program and help spread the love of continuous fuzzing!
What’s The Reward?
- Each individual/project/group of people will be eligible for a total of $500 (USD) cash reward for integrating a project with our continuous fuzzing platform.
- Additional $500 if no fuzz targets where available before in the project and the contributor wrote them as well as integrated them to fuzzit.
How Do I get rewarded?
You will need to integrate Fuzzit with a popular Go or Rust OSS project that have more than > 1.5k stars.
An eligible integration must include the following:
- At least one libFuzzer (go-fuzz or cargo-fuzz) fuzz target available in the project.
- The fuzz targets must compile and run successfully without crashing or going out-of-memory (immediately).
- The fuzz targets must be “substantial” i.e providing good coverage >60% (for all the fuzz targets together)
- Additional two steps in the current CI system of the project
- Fuzzit fuzzing – Every push to master the fuzzers will be uploaded to Fuzzit via CLI (fuzzit create job command).
- Fuzzit regression – This will build and run the fuzzers locally via the CLI with the corpus that was generated from the previous step + all the fixed crashes (fuzzit create job –local command).
- Fuzzit badge in the readme:)
- Another clarification – the integration should be merged to the upstream repository and not an outside repo.
- Some projects we already contributed a PR and it’s under review so please make sure there is no PR under review already.
From our observation some project already have fuzz targets available and they are just not being run continuously. In our opinion integrating them will be the most “low hanging fruit”.
See our basic examples of how fuzzit integration should look like:
Our CLI is open-source and available here
A good “in the wild” example of fuzzit integration is available at syzkaller
We would like to thanks our current contributors/bug reports and users. Now spread the fuzz and get rewarded!