cfallin commented on issue #4174:
Re: security -- if we can point to current efforts in addition to things-that-fully-exist-today, we could mention "We're also working with academic collaborators to fully formally verify our compilation pipeline", maybe?
It might also be worth mentioning that we follow best practices for security wrt guest code sandboxing, e.g. Spectre mitigations, and that we try to adopt defense-in-depth strategies where we can (extra guard regions, zeroing memory immediately after termination, using hardware CFI features to guard control flow, ...).
github-actions[bot] commented on issue #4174:
Subscribe to Label Action
cc @peterhuene
<details>
This issue or pull request has been labeled: "wasmtime:api", "wasmtime:docs"
Thus the following users have been cc'd because of the following labels:
- peterhuene: wasmtime:api
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
alexcrichton commented on issue #4174:
I opted to also go ahead and merge security-sandboxing.md with security.md since security.md was otherwise empty. I additionally expanded the documentation with items you mentioned @cfallin. Finally I also tried to update some various documentation for #3704 to make sure relevant locations mention ahead-of-time where appropriate.
Last updated: Nov 22 2024 at 17:03 UTC