Ada Logics OSS-Fuzz integrations

	A	B	C	D	E	F	G
1	Ada Logics OSS-Fuzz integrations
2	https://adalogics.com
3
4	Abstract
5	This sheet is an overview of our work with OSS-Fuzz and fuzzing open source projects. The data we show in this sheet is all public and the search queries below identify how you can get the data yourself. You can find a link below on a blog post detailing our efforts.
6
7	Links
8	Blog post discussing this data: https://adalogics.com/blog/fuzzing-100-open-source-projects-with-oss-fuzz
9	OSS-Fuzz Github repository https://github.com/google/oss-fuzz
10	How OSS-Fuzz fits into the grand scheme of things in open source security: https://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html
11	Ada Logics fuzz training: https://adalogics.com/training-source-fuzz
12	Ada logics LLVM for security engineering training: https://adalogics.com/training-llvm-for-security
13
14	Queries used for searching
15	In the below queries please substitute "PROJ_NAME" with the project you are interested in.
16	Query for bugs	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug&can=1
17	Query for security bugs	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug-Security&can=1
18	Query for bugs + reproducible	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug%20label%3AReproducible&can=1
19	Query for security bugs + reproducible	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug-Security%20label%3AReproducible&can=1
20	Query for bugs + verified	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug%20verified&can=1
21	Query for security bugs + verified	https://bugs.chromium.org/p/oss-fuzz/issues/list?q=PROJ_NAME%20Type%3DBug-Security%20verified&can=1
22
23	Overall stats
24	The data we use in this sheet is based purely on the data in Monorail. In particular, there may be some false positives included in the data for example bugs that are due to fuzzers being coded up wrongly (and later fixed) etc.
25	Bugs on Monorail	1545
26	Security bugs on Monorail	559
27	Total issues	2104
28	Bugs verified (fixed)	1038
29	Security bugs verified (fixed)	292
30	Total issues verified	1330
31	Bugs that are either not fixed, declared WontFix or false positives:	774
32
33
34	Project specs			Monorail public stats
35	Project name	Github URL	Language	Bugs	Security Bugs	Bugs verified (fixed)	Security bugs verified (fixed)
36	apache-httpd			11	2	11	2
37	blackfriday			1	0	1	0
38	caddy			8	2	1	0
39	cascadia			5	11	1	0
40	cctz			1	0	0	0
41	cfengine			2	0	0	0
42	cilium			0	5	0	0
43	Civetweb			1	0	1	0
44	Clib			11	0	4	0
45	containerd			3	3	1	0
46	dgraph			3	3	1	0
47	dnsmasq			1	2	0	1
48	dovecot			13	3	9	3
49	dragonfly			3	7	0	0
50	duckdb			9	2	7	1
51	fastjson			2	4	0	0
52	flatbuffers			30	10	29	6
53	flate2-rs			0	0	0	0
54	fluent-bit			115	52	100	44
55	gitea			22	4	17	0
56	go-ethereum			14	9	10	0
57	go-redis			5	2	0	0
58	gpac			30	12	13	2
59	grpc-gateway			5	5	0	0
60	h3			0	1	0	1
61	haproxy			11	2	10	2
62	Hiredis			11	2	7	0
63	httlib2			2	1	0	0
64	httparse			0	0	0	0
65	hugo			2	0	1	0
66	hyperium			5	0	5	0
67	igraph					8	4
68	image-png			3	0	3	0
69	imageio			12	7	1	0
70	istio			19	6	9	0
71	janet			3	0	2	0
72	json5format			7	0	0	0
73	jsoncons			55	3	47	3
74	jsonparser			6	2	4	0
75	jsonschema			0	0	0	0
76	juju			3	2	0	0
77	kamailio			2	0	2	0
78	kOps			0	0	0	0
79	Leptonica			66	45	58	31
80	levelDB			5	0	2	0
81	libiec61850			7	2	7	2
82	libigl			0	0	0	0
83	liblouis			0	0	0	0
84	libpg_query			6	2	1	1
85	libphonenumber			0	0	0	0
86	librdkafka			8	6	5	2
87	libredwg			53	39	34	26
88	libucl			86	22	14	3
89	libyang			44	31	40	30
90	lighttpd			0	0	0	0
91	linkerd2-proxy			13	0	13	0
92	llhttp			0	0	0	0
93	loki			2	3	1	0
94	lotus			4	5	0	0
95	Lua			8	8	3	6
96	md4c			6	3	1	0
97	meshoptimizer			2	0	2	0
98	minify			38	11	34	0
99	Mongoose			5	1	5	1
100	muduo			0	0	0	0