mirror of https://github.com/google/oss-fuzz.git
Add initial life of a bug documentation.
This commit is contained in:
parent
8f8e21ace3
commit
5d4f10f693
|
@ -14,6 +14,7 @@ oss-fuzz is an effort to apply coverage-guided software fuzzing on scale to test
|
|||
*part of oss-fuzz* source code repository.
|
||||
* [Project List](docs/projects.md) lists OSS projects integrated with oss-fuzz.
|
||||
* [Chrome's Efficient Fuzzer Guide](https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md) while contains some chrome-specifics, is an excellent documentation on making your fuzzer better.
|
||||
* [Life of a bug](docs/life_of_a_bug.md)
|
||||
|
||||
## Build status
|
||||
[Build status](https://oss-fuzz-build-logs.storage.googleapis.com/status.html)
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
# Life of a bug
|
||||
|
||||
## New bugs
|
||||
|
||||
New crashes with security implications are automatically filed into our [bug
|
||||
tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). These issues are not
|
||||
viewable by the public, but library developers can be automatically CC'ed on
|
||||
these issues, granting access.
|
||||
|
||||
These bugs contain a link to a ClusterFuzz report, which contains crash details
|
||||
along with a testcase that can be downloaded. This can only be accessed by
|
||||
people who are CC'ed on the bug (requires a Google account).
|
||||
|
||||
## Fixing
|
||||
|
||||
Once the bug is fixed, our fuzzing infrastructure (ClusterFuzz) automatically
|
||||
verifies the fix, adding a comment and closing the bug.
|
||||
|
||||
## Disclosure deadlines.
|
||||
|
||||
TBD. Bugs will be automatically derestricted after a certain time once they're
|
||||
made available to the library developers, or when they're fixed.
|
Loading…
Reference in New Issue