1Our MissionOSS-Fuzz

OSS-Fuzz

OSS-Fuzz is a free fuzzing platform for critical open source projects. It aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

There are several ways to get rewarded for contributing to OSS-Fuzz, such as integrating new projects, improving existing projects, or adding ways to find new classes of vulnerabilities.

For more details on qualifying submissions, see the information on this page and the program rules.
Submit contribution
View rules
2ExamplesshowExamples

Examples

Some examples of valid OSS-Fuzz contributions:

  • Example 1

    Integrating a new project into OSS-Fuzz (example)

  • Example 2

    Improving the coverage of an existing project (example)

  • Example 3

    Adding a new class of bug detectors to find new vulnerabilities

3RewardshowRewards

Reward amounts

Below you can find an overview of the different reward categories available for contributions to OSS-Fuzz. For full details, see the Qualifying submissions & reward amounts section of the OSS-Fuzz Rewards Program rules.

    Fuzzing Integration

  • 01

    Up to $5,000

    For OSS-Fuzz initial integrations

  • 02

    Up to $15,000

    For ideal fuzzing integrations

Fuzzing Coverage

  • 01

    Up to $5,000

    For line coverage improvements in any OSS-Fuzz integrated project

  • 02

    Up to $5,000

    For FuzzIntrospector (call tree coverage / coloring) improvements

  • 03

    Up to $11,337

    For FuzzBench integration rewards

    • Vulnerabilities

  • 01

    Up to $11,337

    For integrating a new sanitizer into OSS-Fuzz

  • 02

    Up to $11,337

    For finding a critical vulnerability that has widespread impact as a result of fuzzing integration

    • 4LinksshowLinks

    Rules

    All details of what's in scope, and our report standards

    Learn more

    Contribution

    Submit a contribution to OSS-Fuzz

    Submit contribution