[PATCH] D70326: [docs] LLVM Security Group and Process
Hal Finkel via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 10 18:48:22 PDT 2020
hfinkel added inline comments.
================
Comment at: llvm/docs/Security.rst:177
+* All security issues (as well as nomination / removal discussions) become public within approximately fourteen weeks of the fix landing in the LLVM repository. Precautions should be taken to avoid disclosing particularly sensitive data included in the report (e.g. username and password pairs).
+
+
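Review bot: in the bullet added at Security.rst:177, the disclosure clock starts only at "the fix landing in the LLVM repository", so a report that never receives a fix has no publication date under this wording. Consider stating what happens in that case. The second sentence ("Precautions should be taken ...") is passive and names no owner; say who is responsible for redacting sensitive data such as username and password pairs before the issue becomes public.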
----------------
I recommend that part of this process, presumably at the end, be directed at fulfilling goal #6 above ("Strive to improve security over time, for example by adding additional testing, fuzzing, and hardening after fixing issues."). Maybe something along the lines of: LLVM bug reports will be filed against fuzz testers and/or other components to detail gaps in testing coverage that seem likely to prevent similar cases from arising in the future.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326