
It also might be useful to start encouraging library authors whose libraries touch networking components to fuzz and fuzz heavily.
While supply chain attacks are a valid thing to look out for, in the wild fuzzing is more likely to catch bugs and potential issues.
From what I can tell, libraries like URL and MySQL are fuzzed but libraries like Mqtt and Redis are not.
This is something I have in mind to add to Boost.Redis in the near future, since I do share your view. JSON is also fuzzed, BTW.
Getting serious about security is a good move and we should at least think about what kind of infrastructure and common abstractions we can apply to help authors reach the bar of quality we want.
Google's oss-fuzz project already fuzzes a good number of Boost libraries for us but it'd be nice to rely on ourselves. Actually, Hash2 probably could use some fuzzing...
- Christian