Wednesday, 17 September 2025

[netsurf-users] Re: Question about security

Hi Aaron,

For static analysis we have Coverity and Clang scan-build for libcss on Jenkins.


And on the GitHub mirror we have CodeQL.

Some of our libraries have been fuzzed but I'm not sure if it's done routinely or ad-hoc. I'm also not sure if libcss was covered.

Best regards,
Michael


On Wed, 17 Sept 2025 at 14:20, Aaron Boxer <dmarc-noreply@freelists.org> wrote:
Hello!

I am interested in learning more about the safety and security of the NetSurf project in general, and the libcss library in particular. I don't see any CVEs listed for NetSurf, have there been any security incidents in the past, and is there any infrastructure in place like fuzzing or static analysis to mitigate standard C security issues like buffer overflow or use after free?

I am interested in libcss in particular because I would like to use it in another project, GStreamer, which is part of many Linux distros; security is a big issue.


Many Thanks,
Aaron
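The thread above mentions fuzzing and sanitizers as the C-level defence against buffer overflows and use-after-free, but not what a fuzz entry point for a parsing library looks like. The following is an added example, not NetSurf or libcss code and not part of the original mail: a libFuzzer-style harness (`LLVMFuzzerTestOneInput`) around a small constructed `name: value;` declaration parser that stands in for the library under test, plus a stand-alone driver for replaying crash files. `FUZZER_LINKED` is an assumed macro name used only to compile the driver out when libFuzzer supplies `main`.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the library under test: parses a flat list of
 * `name: value;` declarations and returns how many it found, or -1 at the
 * first malformed one. Every index is checked against len. A real target
 * (a CSS library, for instance) would be called from the harness instead. */
static size_t skip_ws(const uint8_t *d, size_t len, size_t i)
{
    while (i < len && (d[i] == ' ' || d[i] == '\t' || d[i] == '\n' || d[i] == '\r'))
        i++;
    return i;
}

int parse_declarations(const uint8_t *d, size_t len)
{
    size_t i = 0;
    int count = 0;

    for (;;) {
        i = skip_ws(d, len, i);
        if (i >= len)
            return count;                 /* clean end of input */

        size_t start = i;                 /* property name: [A-Za-z-]+ */
        while (i < len && (isalpha(d[i]) || d[i] == '-'))
            i++;
        if (i == start)
            return -1;

        i = skip_ws(d, len, i);
        if (i >= len || d[i] != ':')
            return -1;
        i = skip_ws(d, len, i + 1);

        size_t vstart = i;                /* value: anything up to ';' */
        while (i < len && d[i] != ';')
            i++;
        if (i == vstart || i >= len)      /* empty value or missing ';' */
            return -1;
        i++;
        count++;
    }
}

/* libFuzzer entry point, called once per generated input. The bytes are
 * copied into a heap block of exactly `size` bytes so AddressSanitizer
 * reports a read even one byte past the end; reading from the fuzzer's
 * larger internal buffer could silently survive the same bug. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint8_t *buf = malloc(size ? size : 1);
    if (buf == NULL)
        return 0;
    if (size)
        memcpy(buf, data, size);
    (void)parse_declarations(buf, size);
    free(buf);
    return 0;                             /* non-zero values are reserved by libFuzzer */
}

/* Replay driver for crash files found by the fuzzer. Compiled out when
 * linking with -fsanitize=fuzzer, which provides its own main. */
#ifndef FUZZER_LINKED
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input-file>...\n", argv[0]);
        return 2;
    }
    for (int a = 1; a < argc; a++) {
        FILE *f = fopen(argv[a], "rb");
        if (f == NULL) {
            perror(argv[a]);
            return 1;
        }
        uint8_t *buf = NULL;
        size_t len = 0, cap = 0, n;
        do {                              /* slurp the whole file */
            if (len == cap) {
                cap = cap ? cap * 2 : 4096;
                buf = realloc(buf, cap);
                if (buf == NULL) {
                    perror("realloc");
                    return 1;
                }
            }
            n = fread(buf + len, 1, cap - len, f);
            len += n;
        } while (n > 0);
        fclose(f);
        LLVMFuzzerTestOneInput(buf, len); /* same path the fuzzer exercised */
        printf("%s: %zu bytes, no sanitizer report\n", argv[a], len);
        free(buf);
    }
    return 0;
}
#endif
```

Build the fuzzer with `clang -g -O1 -fsanitize=fuzzer,address,undefined -DFUZZER_LINKED harness.c -o harness_fuzz` and run it against a seed corpus directory; build the replay driver with `clang -g -fsanitize=address,undefined harness.c -o replay` and hand it the `crash-*` files libFuzzer writes. The same source also builds under `scan-build clang -c harness.c`, which is the Clang static analyser mentioned in the reply; it reports on the code without running it, so the two techniques catch different defects and are worth running together in CI.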
