|
|
|
|
@ -285,13 +285,11 @@ $ ./honggfuzz/honggfuzz --exit_upon_crash --quiet --timeout 4 -n 1 -Q \
|
|
|
|
|
# OSS-Fuzz
|
|
|
|
|
|
|
|
|
|
Bitcoin Core participates in Google's [OSS-Fuzz](https://github.com/google/oss-fuzz/tree/master/projects/bitcoin-core)
|
|
|
|
|
program, which includes a dashboard of [publicly disclosed vulnerabilities](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=bitcoin-core).
|
|
|
|
|
Generally, we try to disclose vulnerabilities as soon as possible after they
|
|
|
|
|
are fixed to give users the knowledge they need to be protected. However,
|
|
|
|
|
because Bitcoin is a live P2P network, and not just standalone local software,
|
|
|
|
|
we might not fully disclose every issue within Google's standard
|
|
|
|
|
program, which includes a dashboard of [publicly disclosed vulnerabilities](https://issues.oss-fuzz.com/issues?q=bitcoin-core%20status:open).
|
|
|
|
|
|
|
|
|
|
Bitcoin Core follows its [security disclosure policy](https://bitcoincore.org/en/security-advisories/),
|
|
|
|
|
which may differ from Google's standard
|
|
|
|
|
[90-day disclosure window](https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/)
|
|
|
|
|
if a partial or delayed disclosure is important to protect users or the
|
|
|
|
|
function of the network.
|
|
|
|
|
.
|
|
|
|
|
|
|
|
|
|
OSS-Fuzz also produces [a fuzzing coverage report](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_bitcoin-core/latest).
|
|
|
|
|
|
MarcoFalke
1 month ago