wow pretty awesome to see such a QA pipeline in Open Source projects. I'm used t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		DyslexicAtheist on April 5, 2018 \| parent \| context \| favorite \| on: Patch runs ed, and ed can run anything wow pretty awesome to see such a QA pipeline in Open Source projects. I'm used to this in expensive R&D pipelines in the Telco space[0]. Is there a reason you're not using oss-fuzz[1]? I recently did a lot of work using AFL-fast[2] (poking mostly Perl & Lua and crappy IoT products). My experience is that AFL-fast yielded far better results (in a fraction of the time) when compared to AFL. [0] http://www.syssec-project.eu/m/page-media/3/johansson_tfuzz_... [1] https://github.com/google/oss-fuzz [2] https://github.com/mboehme/aflfast

pixelbeat__ on April 6, 2018 [–]

aflfast is mentioned in my second link and was the most used fuzzing implementation to find bugs in coreutils.

We've had a quick look at using oss-fuzz, which will need a bit of work since it's more suited to libraries rather than standalone utils.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact