Docs: Updates for reporting security bugs
Bug: 20139905
Change-Id: Ic4dc78d8db764a045c954cba8c1cd4f3ef6cabae
diff --git a/src/devices/tech/security/index.jd b/src/devices/tech/security/index.jd
index 783eef1..1c67377 100644
--- a/src/devices/tech/security/index.jd
+++ b/src/devices/tech/security/index.jd
@@ -1,7 +1,7 @@
page.title=Security
@jd:body
<!--
- Copyright 2014 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -29,10 +29,12 @@
consumers. To protect that value, the platform must offer an application
environment that ensures the security of users, data, applications, the device,
and the network.</p>
-<p>Securing an open platform requires a robust security architecture and rigorous
- security programs. Android was designed with multi-layered security that
- provides the flexibility required for an open platform, while providing
- protection for all users of the platform.</p>
+<p>Securing an open platform requires a robust security architecture and
+ rigorous security programs. Android was designed with multi-layered
+ security that provides the flexibility required for an open platform, while
+ providing protection for all users of the platform. For information about
+ reporting security issues and the update process,
+ see <a href="{@docRoot}devices/tech/security/overview/updates-resources.html">Security Updates and Resources</a>.</p>
<p>Android was designed with developers in mind. Security controls were designed
to reduce the burden on developers. Security-savvy developers can easily work
with and rely on flexible security controls. Developers less familiar with
@@ -52,6 +54,7 @@
related to the browser or SMS application. Recommended best practices for
building Android devices, deploying Android devices, or developing applications
for Android are not the goal of this document and are provided elsewhere.</p>
+
<h2 id="background">Background</h2>
<p>Android provides an open source platform and application environment for mobile
devices.</p>
@@ -87,7 +90,7 @@
which they can write private data, including databases and raw files.</p>
</li>
</ul>
-<p>Android applications extend the core Android operating system. There are two
+<p>Android applications extend the core Android operating system. There are two
primary sources for applications:</p>
<ul>
<li>
@@ -105,13 +108,13 @@
</li>
</ul>
<p>Google provides a set of cloud-based services that are available to any
- compatible Android device. The primary services are:</p>
+ compatible Android device. The primary services are:</p>
<ul>
<li>
<p><strong>Google Play</strong>: Google Play is a collection of services that
allow users to discover, install, and purchase applications from their Android
- device or the web. Google Play makes it easy for developers to reach Android
- users and potential customers. Google Play also provides community review,
+ device or the web. Google Play makes it easy for developers to reach Android
+ users and potential customers. Google Play also provides community review,
application <a href="https://developer.android.com/guide/publishing/licensing.html">license
verification</a>, application security scanning, and other security services.</p>
</li>
@@ -130,6 +133,8 @@
</li>
</ul>
<p>These services are not part of the Android Open Source Project and are out
- of scope for this document. But they are relevant to the security of most
+ of scope for this document. But they are relevant to the security of most
Android devices, so a related security document titled “Google Services for
Android: Security Overview” is available.</p>
+
+
diff --git a/src/devices/tech/security/overview/updates-resources.jd b/src/devices/tech/security/overview/updates-resources.jd
index 357aa0c..5fc3095 100644
--- a/src/devices/tech/security/overview/updates-resources.jd
+++ b/src/devices/tech/security/overview/updates-resources.jd
@@ -23,6 +23,18 @@
</div>
</div>
+<h2 id="reporting-security-issues">Reporting Security Issues</h2>
+<p class="note"><strong>Note:</strong> The preferred way to report security
+issues is sending an email detailing the issue to security@android.com.</p>
+<p>Any developer, Android user, or security researcher can notify the Android
+security team of potential security issues. Your message can be encrypted
+using the Android security team PGP key <a href="https://developer.android.com/security_at_android_dot_com.txt">here</a>.</p>
+<p>Sending an email to security@android.com is preferable to using the
+public Android bug tracker. Bugs marked as security issues are not externally
+visible, but they may eventually be made visible. If you plan to submit a
+patch to resolve a security issue, please contact security@android.com and
+wait for a response before submitting the patch to AOSP.</p>
+
<h2 id="android-updates">Android Updates</h2>
<p>Android provides system updates for both security and feature related purposes.</p>
<p>There are two ways to update the code on most Android devices: over-the-air
diff --git a/src/source/report-bugs.jd b/src/source/report-bugs.jd
index e0fcae9..fc5653e 100644
--- a/src/source/report-bugs.jd
+++ b/src/source/report-bugs.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2013 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -23,38 +23,41 @@
</ol>
</div>
</div>
-<p>Thanks for your interest in Android! One of the best ways you can help us
+
+<p>Thank you for your interest in Android! One of the best ways you can help us
improve Android is to let us know about any problems you find with it.</p>
-<p>First, though: if you think you've found a security vulnerability,
-<em>please don't use the forms below</em>. Using the public forms below may
+<h2 id="report-issues">Report Issues</h2>
+<p class="note"><strong>Note:</strong> For security vulnerabilities, please see
+<a href="{@docRoot}devices/tech/security/overview/updates-resources.html#reporting-security-issues">Reporting Security Issues</a>. If you think you've found
+a security vulnerability, <em>please don't use the forms below</em>. Using a public form may
allow anyone to see your report, which may put users at risk until the bug is
-fixed. Please visit
-<a href="{@docRoot}source/faqs.html">our
-security faq</a> for more information on reporting security vulnerabilities
-to the Android security team.</p>
-<p>Here's how to report non-security bugs:</p>
+fixed. Instead, please send an email detailing the issue to security@android.com.</p>
+<p>Here's how to report <strong>non-security</strong> bugs:</p>
<ul>
-<li>
+<li>
<p><a href="https://code.google.com/p/android/issues/advsearch">Search for
your bug</a> to see if anyone has already reported it. Don't forget to
search for all issues, not just open ones, as your issue might already
-have been reported and closed. To help find the most popular results,
+have been reported and closed. To help you find the most popular results,
sort the result by number of stars.</p>
</li>
<li>
<p>If you find your issue and it's important to you, star it! That's how we know which bugs are most important to fix.</p>
</li>
<li>
-<p>If no one's reported your bug, file the bug. You can use one of these templates:</p>
+<p>If no one has reported your bug, file the bug. You can use one of these templates:</p>
<ul>
<li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=User%20bug%20report">Bug in your Device</a> - use this if you are a user reporting a bug in a device you own</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=User%20bug%20report">Bug in your Device</a> -
+use this if you are a user reporting a bug in a device you own</p>
</li>
<li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report">Bug in the Software</a> - use this if you found a bug in the course of developing an app</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report">Bug in the Software</a> -
+use this if you found a bug in the course of developing an app</p>
</li>
<li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=Feature%20request">Feature Request</a> - use this for a feature you'd like to see in a future verison</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=Feature%20request">Feature Request</a> -
+use this for a feature you'd like to see in a future verison</p>
</li>
</ul>
</li>
