We encourage you to apply for integration rewards (up to $20,000) once your project is successfully integrated with OSS-Fuzz. Please see the details in our blog post here.
Rewards are based on the quality of integration with OSS-Fuzz, which is evaluated using the following criteria:
- Upstream integration of the fuzz targets and build support.
- Performance of the fuzz targets and code coverage achieved with fuzzing.
- Regression testing in the upstream repository using fuzz targets and OSS-Fuzz corpora. Enabling CIFuzz is the easiest way to address this.
- Discretion bonus to recognize outstanding work.
For each of the points above, the OSS-Fuzz rewards panel first sets up a cap of up to $5,000. Then, the panel decides the actual reward amount (ranging from $0 up to the cap) for each criteria, depending on how well the criteria is satisfied.
The highest cap values ($5,000) are awarded only to projects of a critical importance for the global infrastructure and/or widely used products, devices, or services.