Commit 0e324b3

[DOCS] Remove bullet point on improving security over time. (#116980)
Remove the 6th bullet point "Strive to improve security over time, for example by adding additional testing, fuzzing and hardening after fixing issues."

At the security group meeting on 2024-11-19 we discussed the role the security group was performing in practice. We are in effect acting as a security response group, dealing with issues raised via the process given in the LLVM Security group page. We are not proactively adding additional testing, fuzzing and hardening. While this could be considered an aspirational goal, it may give the implication that the LLVM Security Group is handling or at worst guaranteeing security for the LLVM project when in practice it is not.

Meeting notes: https://discourse.llvm.org/t/llvm-security-group-public-sync-ups/62735/32
1 parent ccb66bf commit 0e324b3
‎llvm/docs/Security.rst

Lines changed: 0 additions & 1 deletion
@@ -9,7 +9,6 @@ The LLVM Security Response Group has the following goals:
99
3. Allow distributors time to investigate and deploy fixes before wide dissemination of vulnerabilities or mitigation shortcomings.
1010
4. Ensure timely notification and release to vendors who package and distribute LLVM-based toolchains and projects.
1111
5. Ensure timely notification to users of LLVM-based toolchains whose compiled code is security-sensitive, through the `CVE process`_.
12-
6. Strive to improve security over time, for example by adding additional testing, fuzzing, and hardening after fixing issues.
1312

1413
*Note*: these goals ensure timely action, provide disclosure timing when issues are reported, and respect vendors' / packagers' / users' constraints.
1514
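Review bot: Dropping item 6 at old line 12 leaves Security.rst with no statement of the scope boundary that motivated the removal: the commit message explains that the group responds to reported issues and does not proactively add testing, fuzzing and hardening, but none of that reasoning lands in the document. Consider adding a short sentence near the *Note* line saying so explicitly, so that readers who rely on the goals list do not have to find the commit message or the meeting notes to learn what the group does not cover. Item 6 was the last entry in the list, so items 3 to 5 need no renumbering.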
