mirror of
https://github.com/capstone-engine/llvm-capstone.git
synced 2024-12-28 18:54:55 +00:00
c9dbaa4c86
To track security issues, we're starting with the chromium bug tracker (using the llvm project there). We considered using Github Security Advisories. However, they are currently intended as a way for project owners to publicize their security advisories, and aren't well-suited to reporting issues. This also moves the issue-reporting paragraph to the beginning of the document, in part to make it more discoverable, in part to allow the anchor-linking to actually display the paragraph at the top of the page. Note that this doesn't update the concrete list of security-sensitive areas, which is still an open item. When we do, we may want to move the list of security-sensitive areas next to the issue-reporting paragraph as well, as it seems like relevant information needed in the reporting process. Finally, when describing the discission medium, this splits the topics discussed into two: the concrete security issues, discussed in the issue tracker, and the logistics of the group, in our mailing list, as patches on public lists, and in the monthly sync-up call. While there, add a SECURITY.md page linking to the relevant paragraph. Differential Revision: https://reviews.llvm.org/D100873
205 B
205 B
Reporting LLVM Security Issues
To report security issues in LLVM, please follow the steps outlined on the LLVM Security Group page.