Refine security documentation and reorganize Wasm proposals for clarity

Author: lum1n0us

doc/security_need_to_know.md

@@ -13,7 +13,7 @@ It is commonly stated that a security issue is an issue that:
 - Enables users to perform actions they should not be able to.
 - Allows users to deny actions they have performed.
 
-Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that Wasm modules' execution is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
+Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that the execution of Wasm modules is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
 
 Thus, we share most of the criteria for judging security issues with [the Bytecode Alliance](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#definition).
 
@@ -28,6 +28,6 @@ Follow the [same guidelines](https://bytecodealliance.org/security) as other pro
 
 Before reporting an issue, particularly one related to crashing, consult [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability), _Report a security vulnerability_ if it qualifies.
 
-Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability .
+Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability.
 
 Once a security issue is confirmed, please refer to [the runbook](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbook.md) for the subsequent steps to take.

doc/stability_wasm_proposals.md

@@ -14,42 +14,43 @@ Users can turn those features on or off by using compilation options. If a relev
 
 | Proposal                              | Phase 4 | Compilation Option         |
 | ------------------------------------- | ------- | -------------------------- |
-| Non-trapping float-to-int conversions | Yes     | N/A                        |
-| Sign-extension operators              | Yes     | N/A                        |
-| Multi-value                           | Yes     | N/A                        |
-| Reference Types                       | Yes     | `WAMR_BUILD_REF_TYPES`     |
 | Bulk memory operations                | Yes     | `WAMR_BUILD_BULK_MEMORY`   |
-| Fixed-width SIMD[^1]                  | Yes     | `WAMR_BUILD_SIMD`          |
 | Extended Constant Expressions         | Yes     | N/A                        |
-| Typed Function References             | Yes     | `WAMR_BUILD_GC`            |
-| Thread                                | Yes     | `WAMR_BUILD_SHARED_MEMORY` |
+| Fixed-width SIMD[^1]                  | Yes     | `WAMR_BUILD_SIMD`          |
 | Legacy Exception handling[^2]         | Yes     | `WAMR_BUILD_EXCE_HANDLING` |
+| Multi-value                           | Yes     | N/A                        |
+| Non-trapping float-to-int conversions | Yes     | N/A                        |
+| Reference Types                       | Yes     | `WAMR_BUILD_REF_TYPES`     |
+| Sign-extension operators              | Yes     | N/A                        |
+| Thread                                | Yes     | `WAMR_BUILD_SHARED_MEMORY` |
 | WebAssembly C and C++ API             | No      | N/A                        |
 
 [^1]: llvm-jit and aot only
 [^2]: interpreter only
 
 ## Off-by-default Wasm Proposals
 
-| Proposal              | Phase 4 | Compilation Option        |
-| --------------------- | ------- | ------------------------- |
-| Tail call             | Yes     | `WAMR_BUILD_TAIL_CALL`    |
-| Garbage collection    | Yes     | `WAMR_BUILD_GC`           |
-| Multiple memories[^3] | Yes     | `WAMR_BUILD_MULTI_MEMORY` |
-| Memory64              | Yes     | `WAMR_BUILD_MEMORY64`     |
+| Proposal                  | Phase 4 | Compilation Option        |
+| ------------------------- | ------- | ------------------------- |
+| Garbage collection        | Yes     | `WAMR_BUILD_GC`           |
+| Memory64                  | Yes     | `WAMR_BUILD_MEMORY64`     |
+| Multiple memories[^3]     | Yes     | `WAMR_BUILD_MULTI_MEMORY` |
+| Reference-Typed Strings   | No      | `WAMR_BUILD_STRINGREF`    |
+| Tail call                 | Yes     | `WAMR_BUILD_TAIL_CALL`    |
+| Typed Function References | Yes     | `WAMR_BUILD_GC`           |
 
 [^3]: interpreter only
 
 ## Unimplemented Wasm Proposals
 
 | Proposal                                    | Phase 4 |
 | ------------------------------------------- | ------- |
-| Import/Export of Mutable Globals            | Yes     |
-| Relaxed SIMD                                | Yes     |
-| Custom Annotation Syntax in the Text Format | Yes     |
 | Branch Hinting                              | Yes     |
-| JS String Builtins                          | Yes     |
+| Custom Annotation Syntax in the Text Format | Yes     |
 | Exception handling                          | Yes     |
+| Import/Export of Mutable Globals            | Yes     |
+| JS String Builtins                          | Yes     |
+| Relaxed SIMD                                | Yes     |
 
 ## On-by-default WASI Proposals