This is a companion to #11925
OSS-Fuzz automatically assigns severity for bugs. This is a great first-pass triage, but sometimes OSS-Fuzz is wrong. It may over-level the bug if it's a bug in the fuzzer and not actual code, or in an irrelevant part of the system. It may under-level the bug if it's a case where non-memory-safety correctness still has serious ramifications, e.g. some kinds of cryptographic errors.
Now that OSS-Fuzz bugs are integrated into OSV, these mistakes go from cosmetic issues to actual problems.