Dapr September 2023 security audit report
a Dapr sidecar with an out-of-memory denial of service attack vector. We found the vulnerability after performing the threat modelling goal and understanding the flow of untrusted data through a Dapr deployment added a total of five fuzzers to Dapr's OSS-Fuzz integration. These will continue to run continuously after the conclusion of the audit. An area for future work on Dapr's security posture is its software supply-chain fuzzers for Dapr. We added the fuzzers to Dapr's OSS-Fuzz integration so that they run continuously after the audit concluded. This allows the fuzzers to run for a longer time and explore more of the reachable
0 points | 47 pages | 1.05 MB | 1 year ago
Dapr June 2023 fuzzing audit report
fuzzers continue to test Dapr's code and might find more bugs in the same code or new bugs introduced after the audit itself. If that happens, OSS-Fuzz will notify the Dapr team with a stacktrace and a reproducer
0 points | 19 pages | 690.59 KB | 1 year ago
2 results in total













