[llvm] docs: Add an incident response guide (PR #133567)

Kristof Beyls via llvm-commits llvm-commits at lists.llvm.org
Sat Mar 29 00:06:15 PDT 2025


================
@@ -0,0 +1,87 @@
+============================
+LLVM Incident Response Guide
+============================
+
+Purpose
+=======
+
+The purpose of this document is to outline how a project administrator should respond to
+malicious or unwanted content that appears on LLVM infrastructure.  This includes but
+is not limited to: malicious code checked into the GitHub repository,  unauthorized access
+to LLVM controlled servers, or compromise of community owned resources like buildbots
+or GitHub Actions runners.
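Review bot: The Purpose paragraph never says how this process relates to the existing vulnerability-reporting process described at https://llvm.org/docs/Security.html#how-to-report-a-security-issue, so a reader holding a code vulnerability rather than an infrastructure compromise cannot tell which document applies; add one sentence stating that security bugs in LLVM code go through the Security Group process and that this guide covers compromise of LLVM-controlled infrastructure and malicious content on it. Also, "project administrator" is used without saying who that is (GitHub org admins, Infrastructure Working Group, LLVM Foundation), and the stray double spaces in "infrastructure.  This" and "repository,  unauthorized" should be collapsed to single spaces.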
----------------
kbeyls wrote:

Given there are different classes of incidents, and this document only covers a subset of all classes, I think it would be useful to have a pointer here to how other classes of incidents should be handled.
At the least, I think there should be a pointer to https://llvm.org/docs/Security.html#how-to-report-a-security-issue, and a description of when to use that process instead of the one in this document. We could also update https://llvm.org/docs/Security.html to point to this document, with a description of when to use the process documented here.

I'm not sure if there is a class of incidents that are not covered by either process document, but maybe there could be a "fall-back", saying what to do when you have an incident that requires some action that is not covered by either process document?

https://github.com/llvm/llvm-project/pull/133567

