author: Oliver Chang <ochang@chromium.org> 2016-10-17 10:23:28 -0700
committer: Oliver Chang <ochang@chromium.org> 2016-10-17 10:23:28 -0700
commit: 5d4f10f69324d0bfbbcb70d0d52459d67c2ae6fa (patch)
tree: d780ab8c4d53e8dce43ab3fb6ec3aa39528fdab9 /docs
parent: 8f8e21ace3b2e35d4f3e29c5a0c137e09bd84347 (diff)
Add initial life of a bug documentation.
Diffstat (limited to 'docs')
-rw-r--r-- docs/life_of_a_bug.md 22
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/life_of_a_bug.md b/docs/life_of_a_bug.md
new file mode 100644
index 00000000..595f4e42
--- /dev/null
+++ b/docs/life_of_a_bug.md
@@ -0,0 +1,22 @@
+# Life of a bug
+
+## New bugs
+
+New crashes with security implications are automatically filed into our [bug
+tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). These issues are not
+viewable by the public, but library developers can be automatically CC'ed on
+these issues, granting access.
+
+These bugs contain a link to a ClusterFuzz report, which contains crash details
+along with a testcase that can be downloaded. This can only be accessed by
+people who are CC'ed on the bug (requires a Google account).
+
+## Fixing
+
+Once the bug is fixed, our fuzzing infrastructure (ClusterFuzz) automatically
+verifies the fix, adding a comment and closing the bug.
+
+## Disclosure deadlines.
+
+TBD. Bugs will be automatically derestricted after a certain time once they're
+made available to the library developers, or when they're fixed.
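Review bot: The "Disclosure deadlines" paragraph leaves the derestriction rule ambiguous: "after a certain time once they're made available to the library developers, or when they're fixed" can be read either as derestricting immediately on fix or as a timer that starts at whichever event comes first. Since library developers will plan patch releases around this, suggest stating explicitly which event triggers derestriction and marking the duration as not yet decided, rather than a bare "TBD." followed by a rule. The heading "## Disclosure deadlines." also carries a trailing period that the other headings ("## New bugs", "## Fixing") do not. Two smaller gaps: "New bugs" says developers "can be automatically CC'ed" but not how a developer gets onto that CC list, and "Fixing" does not say whether the developer must do anything for ClusterFuzz to notice and verify the fix. A sentence or a link for each would make the access model and the close-out step clear.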