Skip to content

doc(security,aot): added security guidance around AoT binaries#4867

Merged
lum1n0us merged 4 commits intobytecodealliance:mainfrom
srberard:dev/security-guidance-updates
Apr 8, 2026
Merged

doc(security,aot): added security guidance around AoT binaries#4867
lum1n0us merged 4 commits intobytecodealliance:mainfrom
srberard:dev/security-guidance-updates

Conversation

@srberard
Copy link
Copy Markdown
Contributor

@srberard srberard commented Mar 7, 2026

Adds explicit guidance distinguishing trusted AoT binaries from untrusted Wasm binaries, clarifies that malformed/manipulated AoT files are bugs not security issues, and cleans up wording in the security checklist section.

@srberard
doc(security,aot): added security guidance around AoT binaries
efe4403 
Adds explicit guidance distinguishing trusted AoT binaries from untrusted
Wasm binaries, clarifies that malformed/manipulated AoT files are bugs not
security issues, and cleans up wording in the security checklist section.

Signed-off-by: Stephen Berard <stephen.berard@outlook.com>
Copilot AI review requested due to automatic review settings March 7, 2026 12:44
Copilot AI reviewed Mar 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the security guidance doc to clarify how to classify security issues vs bugs when dealing with untrusted Wasm inputs versus trusted AoT outputs, and to refine the reporting checklist language.

Changes:

  • Adds explicit guidance distinguishing untrusted WebAssembly binaries from trusted, toolchain-produced AoT binaries.
  • Clarifies when AoT-related crashes/sandbox breaches should be treated as security issues (toolchain emission) vs non-security bugs (malformed/manipulated AoT artifacts).
  • Edits the “crash or hang” checklist section and removes a formatting artifact.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

lum1n0us
lum1n0us reviewed Mar 9, 2026
View reviewed changes
srberard and others added 3 commits March 31, 2026 11:26
@srberard
Update doc/security_need_to_know.md
3f1e29a 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@srberard
Update doc/security_need_to_know.md
e47af1f 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@srberard
Refined guidance around what is a security issue
f05a8b8 
Signed-off-by: Stephen Berard <stephen.berard@outlook.com>
@lum1n0us lum1n0us merged commit f5a1c39 into bytecodealliance:main Apr 8, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lum1n0us lum1n0us lum1n0us approved these changes

@TianlongLiang TianlongLiang Awaiting requested review from TianlongLiang TianlongLiang is a code owner

@yamt yamt Awaiting requested review from yamt yamt is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@srberard @lum1n0us