Google is soliciting security sensitive, open source projects to submit “fuzzing” recipes to their new “continuous fuzzing” service the developed as part of Chrome:
Based on feedback and inspiration gained at Core Infrastructure Workshops, and from many of you in other venues, we are launching a pilot program aimed at making continuous fuzzing an integral part of every Open Source library that consumes untrusted or complex inputs. This is a big challenge, and we would love your participation and help!
As a part of this program, we are starting to beta-test OSS-FUZZ (
https://github.com/google/oss-fuzz), a piece of infrastructure that will
allow OSS projects to benefit from our end-to-end automated fuzzing
system. OSS-FUZZ is a thin layer on top of ClusterFuzz
large-scale fuzzing infrastructure that found thousands of bugs in
Since sqlcipher already runs on GNU/Linux x86_64 and there is already a sqlite3 recipe, this should be quite easy to do:
I was thinking of doing it myself, but I’m poorly positioned these days to respond to the issues that they find. So I’m bringing it up here!