1--- 2layout: default 3title: Bug disclosure guidelines 4parent: Getting started 5nav_order: 4 6permalink: /getting-started/bug-disclosure-guidelines/ 7--- 8 9## Bug Disclosure Guidelines 10 11Following [Google's standard disclosure policy](https://googleprojectzero.blogspot.com/2015/02/feedback-and-data-driven-updates-to.html), 12OSS-Fuzz will adhere to following disclosure principles: 13 14 - **Deadline**. After notifying project authors, we will open reported 15 issues to the public in 90 days, or after the fix is released (whichever 16 comes earlier). 17 - **Weekends and holidays**. If a deadline is due to expire on a weekend, 18 the deadline will be moved to the next normal work day. 19 - **Grace period**. We have a 14-day grace period. If a 90-day deadline 20 expires but the upstream engineers let us know before the deadline that a 21 patch is scheduled for release on a specific day within 14 days following 22 the deadline, the public disclosure will be delayed until the availability 23 of the patch. 24