Merge "Docs: Updates for reporting security bugs Bug: 20139905"master-soong

3 files changed, 45 insertions, 25 deletions

diff --git a/src/devices/tech/security/index.jd b/src/devices/tech/security/index.jd
index 783eef10..1c673777 100644
--- a/src/devices/tech/security/index.jd
+++ b/src/devices/tech/security/index.jd
@@ -1,7 +1,7 @@
 page.title=Security
 @jd:body
 <!--
-    Copyright 2014 The Android Open Source Project
+    Copyright 2015 The Android Open Source Project
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -29,10 +29,12 @@ page.title=Security
   consumers. To protect that value, the platform must offer an application
   environment that ensures the security of users, data, applications, the device,
   and the network.</p>
-<p>Securing an open platform requires a robust security architecture and rigorous
-  security programs.  Android was designed with multi-layered security that
-  provides the flexibility required for an open platform, while providing
-  protection for all users of the platform.</p>
+<p>Securing an open platform requires a robust security architecture and
+  rigorous security programs.  Android was designed with multi-layered
+  security that provides the flexibility required for an open platform, while
+  providing protection for all users of the platform. For information about
+  reporting security issues and the update process, 
+  see <a href="{@docRoot}devices/tech/security/overview/updates-resources.html">Security Updates and Resources</a>.</p>
 <p>Android was designed with developers in mind. Security controls were designed
   to reduce the burden on developers. Security-savvy developers can easily work
   with and rely on flexible security controls.  Developers less familiar with
@@ -52,6 +54,7 @@ page.title=Security
   related to the browser or SMS application. Recommended best practices for
   building Android devices, deploying Android devices, or developing applications
   for Android are not the goal of this document and are provided elsewhere.</p>
+
 <h2 id="background">Background</h2>
 <p>Android provides an open source platform and application environment for mobile
   devices.</p>
@@ -87,7 +90,7 @@ page.title=Security
       which they can write private data, including databases and raw files.</p>
   </li>
 </ul>
-<p>Android applications extend the core Android operating system.  There are two
+<p>Android applications extend the core Android operating system. There are two
   primary sources for applications:</p>
 <ul>
   <li>
@@ -105,13 +108,13 @@ page.title=Security
   </li>
 </ul>
 <p>Google provides a set of cloud-based services that are available to any
-  compatible Android device.  The primary services are:</p>
+  compatible Android device. The primary services are:</p>
 <ul>
   <li>
     <p><strong>Google Play</strong>: Google Play is a collection of services that
       allow users to discover, install, and purchase applications from their Android
-      device or the web.  Google Play makes it easy for developers to reach Android
-      users and potential customers.   Google Play also provides community review,
+      device or the web. Google Play makes it easy for developers to reach Android
+      users and potential customers. Google Play also provides community review,
       application <a href="https://developer.android.com/guide/publishing/licensing.html">license
         verification</a>, application security scanning, and other security services.</p>
   </li>
@@ -130,6 +133,8 @@ page.title=Security
   </li>
 </ul>
 <p>These services are not part of the Android Open Source Project and are out
-  of scope for this document.  But they are relevant to the security of most
+  of scope for this document. But they are relevant to the security of most
   Android devices, so a related security document titled “Google Services for
   Android: Security Overview” is available.</p>
+
+
diff --git a/src/devices/tech/security/overview/updates-resources.jd b/src/devices/tech/security/overview/updates-resources.jd
index 357aa0c7..5fc30957 100644
--- a/src/devices/tech/security/overview/updates-resources.jd
+++ b/src/devices/tech/security/overview/updates-resources.jd
@@ -23,6 +23,18 @@ page.title= Security updates and resources
   </div>
 </div>
 
+<h2 id="reporting-security-issues">Reporting Security Issues</h2>
+<p class="note"><strong>Note:</strong> The preferred way to report security
+issues is sending an email detailing the issue to security@android.com.</p>
+<p>Any developer, Android user, or security researcher can notify the Android
+security team of potential security issues. Your message can be encrypted
+using the Android security team PGP key <a href="https://developer.android.com/security_at_android_dot_com.txt">here</a>.</p> 
+<p>Sending an email to security@android.com is preferable to using the
+public Android bug tracker. Bugs marked as security issues are not externally
+visible, but they may eventually be made visible. If you plan to submit a
+patch to resolve a security issue, please contact security@android.com and
+wait for a response before submitting the patch to AOSP.</p>
+
 <h2 id="android-updates">Android Updates</h2>
 <p>Android provides system updates for both security and feature related purposes.</p>
 <p>There are two ways to update the code on most Android devices: over-the-air
diff --git a/src/source/report-bugs.jd b/src/source/report-bugs.jd
index e0fcae9d..fc5653e3 100644
--- a/src/source/report-bugs.jd
+++ b/src/source/report-bugs.jd
@@ -2,7 +2,7 @@ page.title=Report Bugs
 @jd:body
 
 <!--
-    Copyright 2013 The Android Open Source Project
+    Copyright 2015 The Android Open Source Project
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -23,38 +23,41 @@ page.title=Report Bugs
     </ol>
   </div>
 </div>
-<p>Thanks for your interest in Android! One of the best ways you can help us
+
+<p>Thank you for your interest in Android! One of the best ways you can help us
 improve Android is to let us know about any problems you find with it.</p>
-<p>First, though: if you think you've found a security vulnerability,
-<em>please don't use the forms below</em>. Using the public forms below may
+<h2 id="report-issues">Report Issues</h2>
+<p class="note"><strong>Note:</strong> For security vulnerabilities, please see
+<a href="{@docRoot}devices/tech/security/overview/updates-resources.html#reporting-security-issues">Reporting Security Issues</a>. If you think you've found
+a security vulnerability, <em>please don't use the forms below</em>. Using a public form may
 allow anyone to see your report, which may put users at risk until the bug is
-fixed. Please visit
-<a href="{@docRoot}source/faqs.html">our
-security faq</a> for more information on reporting security vulnerabilities
-to the Android security team.</p>
-<p>Here's how to report non-security bugs:</p>
+fixed. Instead, please send an email detailing the issue to security@android.com.</p>
+<p>Here's how to report <strong>non-security</strong> bugs:</p>
 <ul>
-<li>
+<li> 
 <p><a href="https://code.google.com/p/android/issues/advsearch">Search for
 your bug</a> to see if anyone has already reported it. Don't forget to
 search for all issues, not just open ones, as your issue might already
-have been reported and closed. To help find the most popular results,
+have been reported and closed. To help you find the most popular results,
 sort the result by number of stars.</p>
 </li>
 <li>
 <p>If you find your issue and it's important to you, star it! That's how we know which bugs are most important to fix.</p>
 </li>
 <li>
-<p>If no one's reported your bug, file the bug. You can use one of these templates:</p>
+<p>If no one has reported your bug, file the bug. You can use one of these templates:</p>
 <ul>
 <li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=User%20bug%20report">Bug in your Device</a> - use this if you are a user reporting a bug in a device you own</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=User%20bug%20report">Bug in your Device</a> - 
+use this if you are a user reporting a bug in a device you own</p>
 </li>
 <li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report">Bug in the Software</a> - use this if you found a bug in the course of developing an app</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report">Bug in the Software</a> - 
+use this if you found a bug in the course of developing an app</p>
 </li>
 <li>
-<p><a href="https://code.google.com/p/android/issues/entry?template=Feature%20request">Feature Request</a> - use this for a feature you'd like to see in a future verison</p>
+<p><a href="https://code.google.com/p/android/issues/entry?template=Feature%20request">Feature Request</a> - 
+use this for a feature you'd like to see in a future verison</p>
 </li>
 </ul>
 </li>