Dapr June 2023 fuzzing audit report
overall fuzzing architecture as well as the specific fuzzers developed. Architecture A central component in the Dapr approach to fuzzing is continuous fuzzing by way of OSS-Fuzz. The Dapr source code and runtime stats is thus a reflection of how much work the fuzzers have performed. The following tables lists for each fuzzer2 the amounts of tests executed as well as the total CPU hours devoted. Some of the
0 码力 | 19 pages | 690.59 KB | 1 year ago
The Future of Cloud Native Applications with Open Application Model (OAM) and Dapr
Configured Parameters Deployment Scopes Configured Traits Component 1 - Application Scopes - Parameters Component Component B Component C Component D 1 Where developers declare the operational characteristics deliver in infrastructure neutral terms. Component Component A Health Scope X Network Scope Y Network Scope X Component B Component C Component D Component A ApplicationScope A way to loosely single, deployable unit and specifies cross-component info, such as health scopes. Application Component B Component C Component D Component A Component Trait traits manual-scaler ingress For
0 码力 | 51 pages | 2.00 MB | 1 year ago
OAM, Dapr and Rudr: The future of cloud native applications
leading open source orchestrator HELM chart OAM app Kubernetes resources Helm CLI kubectl Component Component Application rudr Kubernetes Cluster OAM Application YAML Open Application Model Application Application Scopes Parameters - Application Scopes - Parameters Component Workload Type Parameters Component Component B Component C Component D Where developers declare the operational characteristics characteristics of the code they deliver in infrastructure neutral terms. Component Component A Application Scope ApplicationScope A way to loosely couple components into groups with common characteristics
0 码力 | 59 pages | 1.65 MB | 1 year ago
Dapr September 2023 security audit report
impact Dapr in a critical or high severity manner, and affects only a small group of Dapr users in a component that is not enabled by default. The vulnerability had the potential to crash a Dapr sidecar with the flow of untrusted data through a Dapr deployment, and then adding a fuzzer for the affected component. We added a total of five fuzzers to Dapr's OSS-Fuzz integration. These will continue to run continuously application that compromises neither the user application nor the Dapr sidecar nor a particular Dapr component but does trigger a vulnerability in a remote service. The request could also trigger a vulnerability
0 码力 | 47 pages | 1.05 MB | 1 year ago
Dapr February 2021 security audit report
control mechanism has shown some severe weaknesses. Cure53 demonstrated that bypassing access control lists is possible and can signify that invoking certain functions is infeasible. The identified issues were
0 码力 | 9 pages | 161.25 KB | 1 year ago
Dapr July 2020 security audit report
out-of-scope for the publishing Dapr sidecar. This highlights the risk of attackers bypassing the PubSub component entirely, invoking the event routes for topics which are not allowed in the attackers’ scope. This
0 码力 | 19 pages | 267.84 KB | 1 year ago
6 results in total