2021.11.05 01:18 "Re: [Tiff] About issues filed by Varangian bot", by Bob Friesenhahn
The poppler developers have a private place where they keep a list of reported fuzzing issues so that the developers can let the issues sit around until someone has time without having them visible on a public list. Is it possible to make a private tiff area where bots can send reports?
I am not so sure that having the reports exposed in public is a problem. The problem is that there will be a great many reports, with few people having the time and energy to work on them.
The oss-fuzz project is another source of public reports (e.g. https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libtiff&can=1) and that project makes issues public in 90 days (or less).
Reports without sufficient volunteers to deal with them seem to be the problem.
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt