the ‘delta’, meaning additions introduced since the summer, as well as the changes stemming from fixes expected as a Cure53, Berlin · 02/09/21 1/9 Dr.-Ing. Mario

warranting being reported to Dapr while the test was still ongoing. Similarly as in the former case, the fixes were proposed, deployed and then verified. In addition, one issue documented as DAP-01-010 was reported

If OSS-fuzz finds that any bugs have been fixed OSS-Fuzz marks the crashes as fixed in the Monorail bug tracker and notifies maintainers. In each fuzzing iteration, OSS-Fuzz uses its corpus accumulated Monorail bug tracker is created. 3. An email is sent to maintainers with links to the report and relevant entry in the bug tracker. OSS-Fuzz has a 90 day disclosure policy, meaning that a bug becomes becomes public in the bug tracker if it has not been fixed. The detailed report is never made public. The Dapr maintainers will fix issues upstream, and OSS-Fuzz will pull the latest Dapr master branch the next