Add initial life of a bug documentation.

Oliver Chang 2016-10-17 10:23:28 -07:00
parent 8f8e21ace3
commit 5d4f10f693
2 changed files with 23 additions and 0 deletions


@ -14,6 +14,7 @@ oss-fuzz is an effort to apply coverage-guided software fuzzing on scale to test
*part of oss-fuzz* source code repository.
* [Project List](docs/projects.md) lists OSS projects integrated with oss-fuzz.
* [Chrome's Efficient Fuzzer Guide](https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md) while contains some chrome-specifics, is an excellent documentation on making your fuzzer better.
* [Life of a bug](docs/life_of_a_bug.md)
## Build status
[Build status](https://oss-fuzz-build-logs.storage.googleapis.com/status.html)
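Review bot: The new "Life of a bug" entry at the end of the list is a bare link, while the entries above it each say what the linked page is for ("lists OSS projects integrated with oss-fuzz"). Please add a short description, for example that it explains how crashes are filed, who can see them, and how fixes are verified, so library developers looking for the bug-handling and access rules can find them from the README. A blank line between this last list item and "## Build status" would also keep the heading visually separate from the list.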

docs/life_of_a_bug.md Normal file

@ -0,0 +1,22 @@
# Life of a bug
## New bugs
New crashes with security implications are automatically filed into our [bug
tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). These issues are not
viewable by the public, but library developers can be automatically CC'ed on
these issues, granting access.
These bugs contain a link to a ClusterFuzz report, which contains crash details
along with a testcase that can be downloaded. This can only be accessed by
people who are CC'ed on the bug (requires a Google account).
## Fixing
Once the bug is fixed, our fuzzing infrastructure (ClusterFuzz) automatically
verifies the fix, adding a comment and closing the bug.
## Disclosure deadlines.
TBD. Bugs will be automatically derestricted after a certain time once they're
made available to the library developers, or when they're fixed.
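Review bot: The "Disclosure deadlines." section leaves the one thing maintainers need to plan around undefined: "after a certain time" gives no number, and "or when they're fixed" does not say whether derestriction happens at whichever event comes first or whether a fix makes the issue public immediately. Since the "New bugs" section says these issues carry security implications and downloadable testcases, please either state the intended rule or mark the whole section as pending with a pointer to where the decision will be recorded, rather than mixing "TBD" with a partial policy. The "New bugs" section also says developers "can be automatically CC'ed" without saying how a maintainer gets onto that list; one sentence on that would close the gap. Minor: drop the trailing period from the heading to match "## New bugs" and "## Fixing".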