diff options
author | Oliver Chang <ochang@chromium.org> | 2016-10-17 10:23:28 -0700 |
---|---|---|
committer | Oliver Chang <ochang@chromium.org> | 2016-10-17 10:23:28 -0700 |
commit | 5d4f10f69324d0bfbbcb70d0d52459d67c2ae6fa (patch) | |
tree | d780ab8c4d53e8dce43ab3fb6ec3aa39528fdab9 /docs | |
parent | 8f8e21ace3b2e35d4f3e29c5a0c137e09bd84347 (diff) |
Add initial life of a bug documentation.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/life_of_a_bug.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/life_of_a_bug.md b/docs/life_of_a_bug.md new file mode 100644 index 00000000..595f4e42 --- /dev/null +++ b/docs/life_of_a_bug.md @@ -0,0 +1,22 @@ +# Life of a bug + +## New bugs + +New crashes with security implications are automatically filed into our [bug +tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). These issues are not +viewable by the public, but library developers can be automatically CC'ed on +these issues, granting access. + +These bugs contain a link to a ClusterFuzz report, which contains crash details +along with a testcase that can be downloaded. This can only be accessed by +people who are CC'ed on the bug (requires a Google account). + +## Fixing + +Once the bug is fixed, our fuzzing infrastructure (ClusterFuzz) automatically +verifies the fix, adding a comment and closing the bug. + +## Disclosure deadlines. + +TBD. Bugs will be automatically derestricted after a certain time once they're +made available to the library developers, or when they're fixed. |