The LLVM Security group was established in 2019. It's main goal is to enable users and contributors of LLVM to disclose security-related issues responsibly. The group is relatively young and continues to evolve and optimize its processes. In the first part of this presentation, I'll describe how the group was established, and what it has achieved so far. I'll briefly summarize the kinds of reports we've received.

The second part of the presentation will cover remaining challenges faced by the group and the LLVM project related to the handling of security issues. These include "how to communicate security issues to everyone who should know", "defining a threat model/what is a security issue", better making use of github's security-supporting features, and improving implementation details on how to report issues.