c9dbaa4c86
To track security issues, we're starting with the chromium bug tracker (using the llvm project there). We considered using Github Security Advisories. However, they are currently intended as a way for project owners to publicize their security advisories, and aren't well-suited to reporting issues. This also moves the issue-reporting paragraph to the beginning of the document, in part to make it more discoverable, in part to allow the anchor-linking to actually display the paragraph at the top of the page. Note that this doesn't update the concrete list of security-sensitive areas, which is still an open item. When we do, we may want to move the list of security-sensitive areas next to the issue-reporting paragraph as well, as it seems like relevant information needed in the reporting process. Finally, when describing the discission medium, this splits the topics discussed into two: the concrete security issues, discussed in the issue tracker, and the logistics of the group, in our mailing list, as patches on public lists, and in the monthly sync-up call. While there, add a SECURITY.md page linking to the relevant paragraph. Differential Revision: https://reviews.llvm.org/D100873
6 lines
205 B
Markdown
6 lines
205 B
Markdown
# Reporting LLVM Security Issues
|
|
|
|
To report security issues in LLVM, please follow the steps outlined on the
|
|
[LLVM Security Group](https://llvm.org/docs/Security.html#how-to-report-a-security-issue)
|
|
page.
|