diff --git a/README.md b/README.md index 4caa2be85..05d1c2e19 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ oss-fuzz is an effort to apply coverage-guided software fuzzing on scale to test *part of oss-fuzz* source code repository. * [Project List](docs/projects.md) lists OSS projects integrated with oss-fuzz. * [Chrome's Efficient Fuzzer Guide](https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md) while contains some chrome-specifics, is an excellent documentation on making your fuzzer better. +* [Life of a bug](docs/life_of_a_bug.md) ## Build status [Build status](https://oss-fuzz-build-logs.storage.googleapis.com/status.html) diff --git a/docs/life_of_a_bug.md b/docs/life_of_a_bug.md new file mode 100644 index 000000000..595f4e42e --- /dev/null +++ b/docs/life_of_a_bug.md @@ -0,0 +1,22 @@ +# Life of a bug + +## New bugs + +New crashes with security implications are automatically filed into our [bug +tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). These issues are not +viewable by the public, but library developers can be automatically CC'ed on +these issues, granting access. + +These bugs contain a link to a ClusterFuzz report, which contains crash details +along with a testcase that can be downloaded. This can only be accessed by +people who are CC'ed on the bug (requires a Google account). + +## Fixing + +Once the bug is fixed, our fuzzing infrastructure (ClusterFuzz) automatically +verifies the fix, adding a comment and closing the bug. + +## Disclosure deadlines. + +TBD. Bugs will be automatically derestricted after a certain time once they're +made available to the library developers, or when they're fixed.
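Review bot: The new README bullet `* [Life of a bug](docs/life_of_a_bug.md)` is the only entry in that list without a one-line description; the neighbouring bullets each say what the linked page covers (e.g. "lists OSS projects integrated with oss-fuzz"). Suggest matching that style, something like `* [Life of a bug](docs/life_of_a_bug.md) describes how crashes are filed, verified and disclosed.`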
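Review bot: In the new docs/life_of_a_bug.md, the "Disclosure deadlines." section leaves the key fact undefined: "TBD." and "derestricted after a certain time" tell a library developer nothing about how long a restricted bug stays private before it is opened, which is the one number they need to plan a fix and a release. Suggest either stating the concrete window (days from the developer being CC'ed, and the behaviour when a bug is fixed earlier) or, if it is genuinely undecided, saying so explicitly and linking the place where the final policy will be published. Two smaller points in the same hunk: the heading `## Disclosure deadlines.` carries a trailing period while `## New bugs` and `## Fixing` do not, and the "New bugs" section says developers "can be automatically CC'ed" without saying where that CC list is configured, so a pointer to the relevant project configuration would make the page actionable.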