oss-sec mailing list archives

Re: Fuzzing project brainstorming

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 20 Nov 2014 20:18:15 +0100

On Fri, 21 Nov 2014 05:30:36 +1300
Amos Jeffries <squid3 () treenet co nz> wrote:

Since they are coming from fuzzing a copy of the exact input which led
to it is also valuable. There is nothing worse than having to guess at
what might have led to a crash when the input could literally have
been anything at all.


I see it pretty much as a given condition that you give the copy of the
crashing input to the upstream devs. I can hardly think of a reason not
to do so (the only thing that comes to mind are confidential or
copyrighted files, I try to make sure I always start fuzzing with
inputs that are freely licensed or created by myself to avoid that).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:

Current thread:

Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Kurt Seifried (Nov 20)
  - Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
    - Re: Fuzzing project brainstorming Sven Kieske (Nov 20)
    - Re: Fuzzing project brainstorming Amos Jeffries (Nov 20)
    - Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
    - Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
    - Re: Fuzzing project brainstorming Alexander Cherepanov (Nov 20)
    - Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
    - Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming M.T. Roebuck (Nov 20)
  - Re: Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
    - Re: Re: Fuzzing project brainstorming Daniel Kahn Gillmor (Nov 20)
    - Re: Fuzzing project brainstorming M.T. Roebuck (Nov 21)
- Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)