path: root/docs/getting-started/bug_disclosure_guidelines.md
blob: e5a76ef2c0add74bdf53d85ab3d8a5070c8cc611 (plain)
---
layout: default
title: Bug disclosure guidelines
parent: Getting started
nav_order: 4
permalink: /getting-started/bug-disclosure-guidelines/
---

## Bug Disclosure Guidelines

Following [Google's standard disclosure policy](https://googleprojectzero.blogspot.com/2015/02/feedback-and-data-driven-updates-to.html),
OSS-Fuzz will adhere to the following disclosure principles:

  - **Deadline**. After notifying project authors, we will open reported
    issues to the public in 90 days, or after the fix is released (whichever
    comes earlier).
  - **Weekends and holidays**. If a deadline is due to expire on a weekend,
    the deadline will be moved to the next normal work day.
  - **Grace period**. We have a 14-day grace period. If a 90-day deadline
    expires but the upstream engineers let us know before the deadline that a
    patch is scheduled for release on a specific day within 14 days following
    the deadline, the public disclosure will be delayed until the availability
    of the patch.