doc: add OSS-Fuzz section to fuzzing.md doc

Co-authored-by: Russell Yanofsky <russ@yanofsky.org>
author: Adam Jonas <jonas@chaincode.com> 2021-05-04 13:38:52 -0400
committer: Adam Jonas <jonas@chaincode.com> 2021-05-05 10:10:56 -0400
commit: 47c3ea021e867206172cdb6546a76d23baa958bb (patch)
tree: 0bb5eb4de680d0ca7b75cc6c217de90a4a7b1bc1 /doc/fuzzing.md
parent: 3f8f238deb5a72db04d29c899cea11df14cd984c (diff)
download: bitcoin-47c3ea021e867206172cdb6546a76d23baa958bb.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/fuzzing.md b/doc/fuzzing.md
index 4d8825f4c2..5ffa3a9416 100644
--- a/doc/fuzzing.md
+++ b/doc/fuzzing.md
@@ -230,3 +230,15 @@ $ honggfuzz/honggfuzz --exit_upon_crash --quiet --timeout 4 -n 1 -Q \
                        -nodebuglogfile -bind=127.0.0.1:18444 -logthreadnames \
                        -debug
 ```
+
+# OSS-Fuzz
+
+Bitcoin Core participates in Google's [OSS-Fuzz](https://github.com/google/oss-fuzz/tree/master/projects/bitcoin-core)
+program, which includes a dashboard of [publicly disclosed vulnerabilities](https://bugs.chromium.org/p/oss-fuzz/issues/list).
+Generally, we try to disclose vulnerabilities as soon as possible after they
+are fixed to give users the knowledge they need to be protected. However,
+because Bitcoin is a live P2P network, and not just standalone local software,
+we might not fully disclose every issue within Google's standard
+[90-day disclosure window](https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/)
+if a partial or delayed disclosure is important to protect users or the
+function of the network.
author	Adam Jonas <jonas@chaincode.com>	2021-05-04 13:38:52 -0400
committer	Adam Jonas <jonas@chaincode.com>	2021-05-05 10:10:56 -0400
commit	47c3ea021e867206172cdb6546a76d23baa958bb (patch)
tree	0bb5eb4de680d0ca7b75cc6c217de90a4a7b1bc1 /doc/fuzzing.md
parent	3f8f238deb5a72db04d29c899cea11df14cd984c (diff)
download	bitcoin-47c3ea021e867206172cdb6546a76d23baa958bb.tar.xz