cfallin commented on issue #4174:
Re: security -- if we can point to current efforts in addition to things-that-fully-exist-today, we could mention "We're also working with academic collaborators to fully formally verify our compilation pipeline", maybe?
It might also be worth mentioning that we follow best practices for security wrt guest code sandboxing, e.g. Spectre mitigations, and that we try to adopt defense-in-depth strategies where we can (extra guard regions, zeroing memory immediately after termination, using hardware CFI features to guard control flow, ...).
github-actions[bot] commented on issue #4174:
Subscribe to Label Action
cc @peterhuene
<details>
This issue or pull request has been labeled: "wasmtime:api", "wasmtime:docs"Thus the following users have been cc'd because of the following labels:
- peterhuene: wasmtime:api
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
alexcrichton commented on issue #4174:
I opted to also go ahead and merge
security-sandboxing.md
withsecurity.md
sincesecurity.md
was otherwise empty. I additionall expanded the documentation with items you mentioned @cfallin. Finally I also tried to update some various documentation for #3704 to make sure relevant locations mention ahead-of-time where appropriate.
Last updated: Dec 23 2024 at 13:07 UTC