Commit Graph

17 Commits

Author SHA1 Message Date
Pietro Albini fdd0195306 [Security Group] Update representative for Rust.
Steve Klabnik recently left the Rust project. Josh Stone (the other member of
the Rust Security Response WG) replaces him as one of the vendor contacts for
Rust.

Differential Revision: https://reviews.llvm.org/D119137
2022-05-18 14:21:19 +02:00
Tanya Lattner b4990ac330 Update references to the mailing lists that have moved to Discourse. 2022-02-21 18:58:48 -08:00
Kristof Beyls 4d82ae67b2 Add security group 2021 transparency report.
Differential Revision:  https://reviews.llvm.org/D117872
2022-01-21 15:43:17 +01:00
Pietro Albini c8c3021e9f Update Pietro Albini's employer
Differential Revision: https://reviews.llvm.org/D117027
2022-01-12 14:46:06 +01:00
Dimitry Andric 593b4d7a1c [Nomination] Adding Intel representatives to security group
We would like to nominate Andy Kaylor and Sergey Maslov to join the LLVM security group as a representative of Intel.  Both are members of the Intel compiler team, and would like to register as vendor contacts.  Intel packages and distributes LLVM-based toolchains as part of our compiler products.   As such, we would like to be aware of any security vulnerability found in the compiler, and would like to contribute to the resolution of such issues.

Please let us know if anything is missing from the nomination.

Reviewed By: apilipenko, dim, george.burgess.iv, kristof.beyls, mattdr, nikhgupt, probinson, peter.smith, pietroalbini, steveklabnik

Differential Revision: https://reviews.llvm.org/D115657
2022-01-11 17:30:44 +01:00
Nikhil Gupta 8ea60cf1de Adding an Nvidia representative to security group
Adding Nikhil Gupta as an Nvidia representative to the llvm security
group.

Differential Revision: https://reviews.llvm.org/D106906
2021-08-18 12:08:11 +02:00
Paul Robinson ca58d9af73 [Security] Replace Josh Eads with Tim Penge as a Sony rep 2021-08-10 12:54:23 -04:00
George Burgess IV 4c98e9455a security: highlight phab accounts; recommend phab for nominations
This commit contains two mildly separate concepts.

First, sending out reviews for things like this is a bit of a
complicated endeavor, since the reviewer list is relatively long, and I
generally rely on prior CLs in this area to find an authoritative list.
Life's quite a bit easier if phab usernames are readily available on the
doc. So part 1 is making those available.

Second, it seems to me that, at the moment, Phabricator makes the most
sense for membership changes (incl. security group nominations). My
reasoning for this is detailed in the diff, and to some extent in
comment #1 of this bug
<https://bugs.chromium.org/p/llvm/issues/detail?id=12#c1>. This change
adds prose to recommend the use of Phabricator for nominations as a
result.

Differential Revision: https://reviews.llvm.org/D106917
2021-07-29 22:28:25 +00:00
Ahmed Bougacha c9dbaa4c86 [docs] Describe reporting security issues on the chromium tracker.
To track security issues, we're starting with the chromium bug tracker
(using the llvm project there).

We considered using Github Security Advisories.  However, they are
currently intended as a way for project owners to publicize their
security advisories, and aren't well-suited to reporting issues.

This also moves the issue-reporting paragraph to the beginning of the
document, in part to make it more discoverable, in part to allow the
anchor-linking to actually display the paragraph at the top of the page.

Note that this doesn't update the concrete list of security-sensitive
areas, which is still an open item.  When we do, we may want to move the
list of security-sensitive areas next to the issue-reporting paragraph
as well, as it seems like relevant information needed in the reporting
process.

Finally, when describing the discission medium, this splits the topics
discussed into two: the concrete security issues, discussed in the
issue tracker, and the logistics of the group, in our mailing list,
as patches on public lists, and in the monthly sync-up call.

While there, add a SECURITY.md page linking to the relevant paragraph.

Differential Revision: https://reviews.llvm.org/D100873
2021-05-19 15:21:50 -07:00
Ahmed Bougacha 6a2e298517 [docs] Replace Apple representative to security group.
Differential Revision: https://reviews.llvm.org/D100864
2021-04-27 11:00:49 -07:00
George Burgess IV 5079bc8a23 docs: Adding Google representative to the security group
This adds me as a Google representative for the LLVM security group.

This was proposed, discussed, and voted on in the differential revision
linked below; please see it for more information.

Differential Revision: https://reviews.llvm.org/D99232
2021-03-26 18:55:37 -07:00
Artur Pilipenko 037ef7d70c Adding new Azul representative to security group
Adding myself as a new Azul representative to security group.

Differential Revision: https://reviews.llvm.org/D89287
2020-10-19 22:41:19 -07:00
Pietro Albini 05ef552e56 Add expected response time and escalation path to the security docs
Following up on the discussion within the group during the roundtable at
the 2020 LLVM Developers Meeting, this commit adds to the security docs:

* How long we expect acknowledging security reports will take
* The escalation path the reporter can follow if they get no response

A temporary line inviting reporters to directly follow the escalation
path while the mailing list is being setup is also added.

Differential Revision: https://reviews.llvm.org/D89068
2020-10-13 10:57:06 +02:00
Philip Reames d89de5a14e Step down from security group
Resigning from security group as Azul representative as I have left Azul.  Previously communicated via email with security group.

Differential Revision: https://reviews.llvm.org/D88933
2020-10-10 09:48:02 -07:00
JF Bastien baa74e013f Step down from security group
Propose Ahmed as a replacement. He's fixed many security issues in LLVM for Apple in the last few years, as such he'll fit the "Individual contributors" description.

Differential Revision: https://reviews.llvm.org/D86742
2020-09-03 08:44:27 -07:00
Kazu Hirata a31b3893c7 [docs] Fix typos 2020-08-09 19:31:49 -07:00
JF Bastien 7bf73bcf6d [docs] LLVM Security Group and Process
Summary:
See the corresponding RFC on llvm-dev for a discussion of this proposal.
  http://lists.llvm.org/pipermail/llvm-dev/2019-November/136839.html

Subscribers: jkorous, dexonsmith, arphaman, ributzka, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D70326
2020-07-10 15:24:02 -07:00