
Add security issue runbook #4450

Merged
merged 1 commit into from
Jul 8, 2025

Conversation

lum1n0us
Collaborator

@lum1n0us lum1n0us commented Jul 3, 2025

and update reference in security need to know document

Collaborator

@TianlongLiang TianlongLiang left a comment

In the future (another following PR maybe), maybe we should add more details about what kind of bug should be considered a security issue. My preliminary thoughts are:

  • Define the tier 1 platform or feature in security_need_to_know.md or a separate document dedicated to documenting the tier of support, and only bugs that affect those are considered security issues.
  • Use a bug that affects security properties (CIA, Confidentiality, Integrity, Availability) should be considered as a security issue; we can add a table to categorize bugs that fall into those three categories.

Collaborator

@loganek loganek left a comment

LGTM

This runbook provides step-by-step guidance on handling a security advisory
@lum1n0us lum1n0us merged commit d3b0b5c into bytecodealliance:main Jul 8, 2025
1 check passed
@lum1n0us lum1n0us deleted the fix/sec_runbook branch July 8, 2025 01:26