Add documentation regarding security issues and the status of Wasm proposals.

lum1n0us · lum1n0us · commit ee647abfece9 · 2024-12-19T08:41:43.000Z
diff --git a/doc/security_need_to_know.md b/doc/security_need_to_know.md
@@ -0,0 +1,28 @@
+# About security issues
+
+This document aims to explain the process of identifying a security issue and the steps for managing a security issue.
+
+## identifying a security issue
+
+It is commonly stated that a security issue is an issue that:
+- Exposes sensitive information to unauthorized parties.
+- Allows unauthorized modification of data or system state.
+- Affects the availability of the system or its services.
+- Permits unauthorized access to the system.
+- Enables users to perform actions they should not be able to.
+- Allows users to deny actions they have performed.
+
+Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that Wasm modules ' execution is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
+
+Thus, we share most of the criteria for judging security issues with [the Bytecode Alliance](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#definition).
+
+>[!NOTE]
+> keep updating this document as the project evolves.
+
+## managing a security issue
+
+Before reporting an issue, particularly one related to crashing, consult [the cheat sheet](), *Report a security vulnerability*  if it qualifies.
+
+Upon receiving an issue, thoroughly review [the cheat sheet] to assess and *Report a security vulnerability* if the issue is indeed a security vulnerability .
+
+Once a security issue is confirmed, please refer to [the runbook](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbook.md) for the subsequent steps to take.
diff --git a/doc/stability_wasm_proposals.md b/doc/stability_wasm_proposals.md
@@ -0,0 +1,72 @@
+# Wasm Proposals
+
+This document is intended to describe the current status of WebAssembly proposals and WASI proposals in WAMR.
+
+Only track proposals that are followed in the [WebAssembly proposals](https://github.com/WebAssembly/proposals) and [WASI proposals](https://github.com/WebAssembly/WASI/blob/main/Proposals.md).
+
+Normally, the document tracks proposals that are in phase 4. However, if a proposal in an earlier phase receives support, it will be added to the list below.
+
+The _status_ represents the configuration _product-mini/platforms/linux/CMakeLists.txt_. There may be minor differences between the top-level CMakeLists and platform-specific CMakeLists.
+
+Users can turn those features on or off using compilation options. If a relevant compilation option is not available(`N/A`), it indicates that the feature is permanently enabled.
+
+## On-by-default Wasm Proposals
+
+| Proposal                              | Phase 4 | Compilation Option         |
+| ------------------------------------- | ------- | -------------------------- |
+| Non-trapping float-to-int conversions | Yes     | N/A                        |
+| Sign-extension operators              | Yes     | N/A                        |
+| Multi-value                           | Yes     | N/A                        |
+| Reference Types                       | Yes     | `WAMR_BUILD_REF_TYPES`     |
+| Bulk memory operations                | Yes     | `WAMR_BUILD_BULK_MEMORY`   |
+| Fixed-width SIMD[^1]                  | Yes     | `WAMR_BUILD_SIMD`          |
+| Extended Constant Expressions         | Yes     | N/A                        |
+| Typed Function References             | Yes     | `WAMR_BUILD_GC`            |
+| Thread                                | Yes     | `WAMR_BUILD_SHARED_MEMORY` |
+| Exception handling[^2]                | Yes     | `WAMR_BUILD_EXCE_HANDLING` |
+| WebAssembly C and C++ API             | No      | N/A                        |
+
+[^1]: jit and aot only
+[^2]: interpreter only
+
+## Off-by-default Wasm Proposals
+
+| Proposal              | Phase 4 | Compilation Option        |
+| --------------------- | ------- | ------------------------- |
+| Tail call             | Yes     | `WAMR_BUILD_TAIL_CALL`    |
+| Garbage collection    | Yes     | `WAMR_BUILD_GC`           |
+| Multiple memories[^3] | Yes     | `WAMR_BUILD_MULTI_MEMORY` |
+| Memory64              | Yes     | `WAMR_BUILD_MEMORY64`     |
+
+[^3]: interpreter only
+
+## Unimplemented Wasm Proposals
+
+| Proposal                                    | Phase 4 |
+| ------------------------------------------- | ------- |
+| Import/Export of Mutable Globals            | Yes     |
+| Relaxed SIMD                                | Yes     |
+| Custom Annotation Syntax in the Text Format | Yes     |
+| Branch Hinting                              | Yes     |
+| JS String Builtins                          | Yes     |
+
+## On-by-default WASI Proposals
+
+| Proposal | Phase 4 | Compilation Option |
+| -------- | ------- | ------------------ |
+
+## Off-by-default WASI Proposals
+
+| Proposal                   | Phase 4 | Compilation Option            |
+| -------------------------- | ------- | ----------------------------- |
+| Machine Learning (wasi-nn) | No      | `WAMR_BUILD_WASI_NN`          |
+| Threads                    | No      | `WAMR_BUILD_LIB_WASI_THREADS` |
+
+## Unimplemented WASI Proposals
+
+| Proposal | Phase 4 |
+| -------- | ------- |
+
+## WAMR features
+
+WAMR offers a variety of customizable features to create a highly efficient runtime. For more details, please refer to [build_wamr](./build_wamr.md).
