Improve security documentation and clarify Wasm proposal statuses

lum1n0us · lum1n0us · commit 7d3bb232e8d3 · 2024-12-23T05:34:35.000Z
diff --git a/doc/security_need_to_know.md b/doc/security_need_to_know.md
@@ -5,24 +5,29 @@ This document aims to explain the process of identifying a security issue and th
 ## identifying a security issue
 
 It is commonly stated that a security issue is an issue that:
+
 - Exposes sensitive information to unauthorized parties.
 - Allows unauthorized modification of data or system state.
 - Affects the availability of the system or its services.
 - Permits unauthorized access to the system.
 - Enables users to perform actions they should not be able to.
 - Allows users to deny actions they have performed.
 
-Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that Wasm modules ' execution is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
+Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that Wasm modules' execution is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
 
 Thus, we share most of the criteria for judging security issues with [the Bytecode Alliance](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#definition).
 
->[!NOTE]
+> [!NOTE]
 > keep updating this document as the project evolves.
 
+## reporting a security issue
+
+Follow the [same guidelines](https://bytecodealliance.org/security) as other projects within the Bytecode Alliance.
+
 ## managing a security issue
 
-Before reporting an issue, particularly one related to crashing, consult [the cheat sheet](), *Report a security vulnerability*  if it qualifies.
+Before reporting an issue, particularly one related to crashing, consult [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability), _Report a security vulnerability_ if it qualifies.
 
-Upon receiving an issue, thoroughly review [the cheat sheet] to assess and *Report a security vulnerability* if the issue is indeed a security vulnerability .
+Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability .
 
 Once a security issue is confirmed, please refer to [the runbook](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbook.md) for the subsequent steps to take.
diff --git a/doc/stability_wasm_proposals.md b/doc/stability_wasm_proposals.md
@@ -8,7 +8,7 @@ Normally, the document tracks proposals that are in phase 4. However, if a propo
 
 The _status_ represents the configuration _product-mini/platforms/linux/CMakeLists.txt_. There may be minor differences between the top-level CMakeLists and platform-specific CMakeLists.
 
-Users can turn those features on or off using compilation options. If a relevant compilation option is not available(`N/A`), it indicates that the feature is permanently enabled.
+Users can turn those features on or off by using compilation options. If a relevant compilation option is not available(`N/A`), it indicates that the feature is permanently enabled.
 
 ## On-by-default Wasm Proposals
 
@@ -23,7 +23,7 @@ Users can turn those features on or off using compilation options. If a relevant
 | Extended Constant Expressions         | Yes     | N/A                        |
 | Typed Function References             | Yes     | `WAMR_BUILD_GC`            |
 | Thread                                | Yes     | `WAMR_BUILD_SHARED_MEMORY` |
-| Exception handling[^2]                | Yes     | `WAMR_BUILD_EXCE_HANDLING` |
+| Legacy Exception handling[^2]         | Yes     | `WAMR_BUILD_EXCE_HANDLING` |
 | WebAssembly C and C++ API             | No      | N/A                        |
 
 [^1]: jit and aot only
@@ -49,6 +49,7 @@ Users can turn those features on or off using compilation options. If a relevant
 | Custom Annotation Syntax in the Text Format | Yes     |
 | Branch Hinting                              | Yes     |
 | JS String Builtins                          | Yes     |
+| Exception handling                          | Yes     |
 
 ## On-by-default WASI Proposals
 
@@ -69,4 +70,4 @@ Users can turn those features on or off using compilation options. If a relevant
 
 ## WAMR features
 
-WAMR offers a variety of customizable features to create a highly efficient runtime. For more details, please refer to [build_wamr](./build_wamr.md).
+WAMR offers a variety of customizable features to create a highly efficient runtime. For more details, please refer to [build_wamr](./build_wamr.md).
