From 0d2c7f9237296f0263c77c8f1b97e6b321c8b3dd Mon Sep 17 00:00:00 2001 From: Mike Aizatsky Date: Tue, 25 Oct 2016 14:59:45 -0700 Subject: [PATCH] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 05adc6ae1..8797d2b58 100644 --- a/README.md +++ b/README.md @@ -49,11 +49,11 @@ The following process is used for targets in oss-fuzz: [Example issue](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9). ([Why different tracker?](docs/faq.md#why-do-you-use-a-different-issue-tracker-for-testcases)) - if the target project has a defined process for reporting security issues, - we will follow it, otherwise we will cc library contact engineers on an issue. -- library engineers fix the issue and land the fix upstream. + we will follow it, otherwise we will cc target engineers on an issue. +- engineers fix the issue and land the fix upstream. - fuzzing infrastructure automatically verifies the fix, adds a comment and closes the issue. -- after the issue is fixed or after 90 days since reporting has passed the issue +- after the issue is fixed or after 90 days since reporting has passed, the issue becomes *public*. The following table summarizes issue visibility through the process: