vetted parsers (JSON, XML, etc) ● Call to Action: Owners of OSS should onboard to a fuzzing service (OSS-Fuzz)Isolation ● Untrusted Process – Parsing Out-of-Process ● Sandboxing ● AppContainers – Consider What the Fuzz) ● Structure Aware Fuzzing (libprotobuf-mutator) ● Fuzzing as a Service (OneFuzz, OSS-Fuzz)Libfuzzer and ASan The bar is not high, write simple function: FUZZ_EXPORT int __cdecl LLVMFu https://github.com/google/libprotobuf-mutator https://github.com/microsoft/onefuzz https://github.com/google/oss-fuzz© Copyright Microsoft Corporation. All rights reserved.