DavidKorczynski

Results 274 comments of DavidKorczynski

Yes, it may find issues not related to the PR. In short, it simply works by running the fuzzers on the PR. I think CIFuzz may do something to prioritise...

The key use case is to catch bugs before they are committed to a project. Many existing oss-fuzz projects already use this, e.g. curl, systemd, libssh and many more, and...

Wonderful @c-rack - the only thing needed is an email(s) connected to a Google account that can be used for receiving the bug reports. Which email can I use?

@c-rack ping (on the email)?

Thanks for letting me know you're interested in fuzzing @sybrenstuvel -- I will look to address the issues you mention!

> The `atheris` module should be listed as optional development dependency, and the test should be gracefully skipped when it cannot be imported.

> Am not sure how you would...

I'm the author of the fuzzers in the OSS-Fuzz repo (https://github.com/google/oss-fuzz/tree/master/projects/aiohttp). Sorry to see this mess -- the CVE filing or security filing does not come from OSS-Fuzz and am...

> Any idea or timeline when the above PR would be done?

Are you referring to the PR I discuss? If so, reviving that PR will have no impact...

@parrt could you also address this one? https://github.com/antlr/antlr4/issues/3143 Difference being one is java (this) the other is c++

Could you write a bit about why credsweeper is a critical open source project, i.e. who are the customers of credsweeper?