https://github.com/bytecodealliance/rfcs/pull/32
Wasmtime has documented processes for reporting, responding to, patching, and disclosing security vulnerabilities. However, the Wasmtime project does not currently define which kinds of bugs are and are not considered security vulnerabilities. This RFC aims to reach consensus on that definition.
Particularly interested in getting feedback from Wasmtime embedders!
Thanks for putting this together -- the table is nice and comprehensive, on first skim!
Last updated: Dec 23 2024 at 14:03 UTC