Google Project Zero Root Cause Analysis Template


Markdown Template captured 1/29/2021:


**<CVE>: <Description/Title>**



_Example of a completed Root Cause Analysis (RCA):_ [_]( 


**Disclosure or Patch Date:** 



**Affected Versions:**

**First Patched Version:**

**Issue/Bug Report:**  (If this or the next four sections don’t exist, just put “N/A”)

**Patch CL:**

**Bug-Introducing CL:**

Exploit Sample:** 

**Access to the exploit sample?** _(Did you have access to the exploit sample when doing the analysis?)_



**Bug Class:** 

**Vulnerability Details:**


**Is the exploit method known?**  
**Exploit method:** 


**How do you think you would have found this bug? (**_Do you think it might have been found through fuzzing, code auditing, variant analysis, etc.)_


**(Historical/present/future) context of bug:** 


**Areas/approach for variant analysis:** _(What variant analysis areas/approaches are there and why)_

**Found variants:** 


**Structural improvements:** _(What are structural improvements such as ways to kill the bug class, make it harder to exploit, etc)_


**Potential detection methods for similar 0-days:** _(Any ideas of how we could have detected this or similar exploits as a 0-day)_



**Other references:**