diff options
author | MarcoFalke <falke.marco@gmail.com> | 2021-05-05 16:33:56 +0200 |
---|---|---|
committer | MarcoFalke <falke.marco@gmail.com> | 2021-05-05 16:34:00 +0200 |
commit | 576300afb0ec486a361f4c69d1c4c1d7bc127671 (patch) | |
tree | 6b87e80549d17c0f69dcb75bb0ce5c2f6e6acb08 | |
parent | 54617fad9988eb3fb7da5203e897ec71416f9f7e (diff) | |
parent | 47c3ea021e867206172cdb6546a76d23baa958bb (diff) |
Merge bitcoin/bitcoin#21856: doc: add OSS-Fuzz section to fuzzing.md doc
47c3ea021e867206172cdb6546a76d23baa958bb doc: add OSS-Fuzz section to fuzzing.md doc (Adam Jonas)
Pull request description:
This adds documentation about [Bitcoin Core's participation](https://github.com/google/oss-fuzz/pull/5699/files) in Google's OSS-Fuzz program and adds the caveat that the project may not disclose vulnerabilities within the 90-day window described in the [program's disclosure guidelines](https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/).
ACKs for top commit:
jonatack:
ACK 47c3ea021e867206172cdb6546a76d23baa958bb
Tree-SHA512: 87bf0146fb74d1e4b3b8839e6c8f3d53046008a6d5b926ffe5b95be3c396a5e47e47967533422f60b04c4446482f49d210ada410b742f69781a7afde623d704d
-rw-r--r-- | doc/fuzzing.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/fuzzing.md b/doc/fuzzing.md index 4d8825f4c2..5ffa3a9416 100644 --- a/doc/fuzzing.md +++ b/doc/fuzzing.md @@ -230,3 +230,15 @@ $ honggfuzz/honggfuzz --exit_upon_crash --quiet --timeout 4 -n 1 -Q \ -nodebuglogfile -bind=127.0.0.1:18444 -logthreadnames \ -debug ``` + +# OSS-Fuzz + +Bitcoin Core participates in Google's [OSS-Fuzz](https://github.com/google/oss-fuzz/tree/master/projects/bitcoin-core) +program, which includes a dashboard of [publicly disclosed vulnerabilities](https://bugs.chromium.org/p/oss-fuzz/issues/list). +Generally, we try to disclose vulnerabilities as soon as possible after they +are fixed to give users the knowledge they need to be protected. However, +because Bitcoin is a live P2P network, and not just standalone local software, +we might not fully disclose every issue within Google's standard +[90-day disclosure window](https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/) +if a partial or delayed disclosure is important to protect users or the +function of the network. |