diff options
| author | Oliver Chang <oliverchang@users.noreply.github.com> | 2021-03-12 09:34:56 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-12 09:34:56 +1100 |
| commit | 5a00fd347ee44eec4737c322619a2c39c084db15 (patch) | |
| tree | 4fbe7a7ec5c708443ed07c19c333a2ba23772805 /docs | |
| parent | a15ab02cc449c5b9e95bef3dc0f7ea191a984afd (diff) | |
| download | oss-fuzz-5a00fd347ee44eec4737c322619a2c39c084db15.tar.gz | |
Modify deadline text to disclose immediately after fix is released. (#5323)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/getting-started/bug_disclosure_guidelines.md | 6 | ||||
| -rw-r--r-- | docs/oss-fuzz/architecture.md | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/docs/getting-started/bug_disclosure_guidelines.md b/docs/getting-started/bug_disclosure_guidelines.md index f82a75100..e5a76ef2c 100644 --- a/docs/getting-started/bug_disclosure_guidelines.md +++ b/docs/getting-started/bug_disclosure_guidelines.md @@ -12,12 +12,12 @@ Following [Google's standard disclosure policy](https://googleprojectzero.blogsp OSS-Fuzz will adhere to following disclosure principles: - **Deadline**. After notifying project authors, we will open reported - issues to the public in 90 days, or 30 days after the fix is released - (whichever comes earlier). + issues to the public in 90 days, or after the fix is released (whichever + comes earlier). - **Weekends and holidays**. If a deadline is due to expire on a weekend, the deadline will be moved to the next normal work day. - **Grace period**. We have a 14-day grace period. If a 90-day deadline expires but the upstream engineers let us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability - of the patch.
\ No newline at end of file + of the patch. diff --git a/docs/oss-fuzz/architecture.md b/docs/oss-fuzz/architecture.md index 689870eaa..56ff29620 100644 --- a/docs/oss-fuzz/architecture.md +++ b/docs/oss-fuzz/architecture.md @@ -29,5 +29,5 @@ with the project's build and test system. discovery (the commit message should contain the string **'Credit to OSS-Fuzz'**). Once the developer fixes the bug, [ClusterFuzz]({{ site.baseurl }}/further-reading/clusterfuzz) automatically -verifies the fix, adds a comment, and closes the issue ([example](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53#c3)). 30 days after the fix is verified or 90 days after reporting (whichever is earlier), the issue becomes [public]({{ site.baseurl }}/getting-started/bug-disclosure-guidelines/). +verifies the fix, adds a comment, and closes the issue ([example](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53#c3)). After the fix is verified or 90 days after reporting (whichever is earlier), the issue becomes [public]({{ site.baseurl }}/getting-started/bug-disclosure-guidelines/). |