Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CFLite and OSV #75

Closed
evverx opened this issue Jan 20, 2022 · 2 comments
Closed

CFLite and OSV #75

evverx opened this issue Jan 20, 2022 · 2 comments

Comments

@evverx
Copy link
Contributor

evverx commented Jan 20, 2022

It's more of a question than a feature request. I'm considering moving some projects from OSS-Fuzz to CFLite and I wonder whether it's safe to assume that CFLite won't be integrated with https://osv.dev/ by sharing its results with the database or anything like that?
@jonathanmetzman
Copy link
Collaborator

I don't have any plans to do this, but I can't say for sure it won't ever happen.
Why stop oss-fuzz, is it because of OSV?

@evverx
Copy link
Contributor Author

evverx commented Jan 20, 2022

I don't have any plans to do this, but I can't say for sure it won't ever happen.

Good to know. Thanks!

Why stop oss-fuzz, is it because of OSV?

As far as I understand its API is used by bash scripts or something like that to automatically assign CVEs without vetting them much. I think I mentioned that at least twice last year somewhere but it just keeps happening and it appears it won't change in the foreseeable future (given that the API is open and isn't covered by any terms of use apart from the standard ones).

@evverx evverx closed this as completed Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evverx @jonathanmetzman