Google Project Zero Root Cause Analysis Template

References

• 0-day Root Cause Analysis Template - Google Docs
• Project Zero: 0day Exploit Root Cause Analyses (googleprojectzero.blogspot.com)
• Template (latest)

Markdown Template captured 1/29/2021:

      

**<CVE>: <Description/Title>**

Author

  

_Example of a completed Root Cause Analysis (RCA):_ [_https://googleprojectzero.blogspot.com/p/rca-cve-2019-13720.html_](https://googleprojectzero.blogspot.com/p/rca-cve-2019-13720.html) 

  

**Disclosure or Patch Date:** 

**Product:** 

**Advisory:** 

**Affected Versions:**

**First Patched Version:**

**Issue/Bug Report:**  (If this or the next four sections don’t exist, just put “N/A”)

**Patch CL:**

**Bug-Introducing CL:**

**Proof-of-Concept:  
Exploit Sample:** 

**Access to the exploit sample?** _(Did you have access to the exploit sample when doing the analysis?)_

**Reporter(s):** 

  

**Bug Class:** 

**Vulnerability Details:**

  

**Is the exploit method known?**  
**Exploit method:** 

  

**How do you think you would have found this bug? (**_Do you think it might have been found through fuzzing, code auditing, variant analysis, etc.)_

  

**(Historical/present/future) context of bug:** 

  

**Areas/approach for variant analysis:** _(What variant analysis areas/approaches are there and why)_

**Found variants:** 

  

**Structural improvements:** _(What are structural improvements such as ways to kill the bug class, make it harder to exploit, etc)_

  

**Potential detection methods for similar 0-days:** _(Any ideas of how we could have detected this or similar exploits as a 0-day)_

  

  

**Other references:**