Commit 37d9801

Security policy: exceptions are not crashes
1 parent 3235043 commit 37d9801

1 file changed

Lines changed: 4 additions & 2 deletions

security/policy.rst

@@ -45,8 +45,10 @@ triggerable with data inputs that are reasonably sized for the use case.
4545
Availability vulnerabilities must also demonstrate an "upward" change in posture
4646
for the attacker, rather than a "lateral" one.
4747
This is to avoid handling performance improvements as security vulnerabilities.
48-
Exceptions are an expected part of control flow when processing inputs,
49-
therefore crashes resulting from unhandled exceptions are not security vulnerabilities.
48+
49+
Exceptions are an expected part of control flow when processing inputs.
50+
Unhandled exceptions are not considered crashes and are not, by themselves,
51+
security vulnerabilities.
5052

5153
Vulnerabilities in dependencies of Python (such as zlib, Tcl/Tk, or OpenSSL)
5254
are not vulnerabilities in Python unless Python's use of the dependency
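
Review bot: In the added sentence at new lines 50-52, "not considered crashes" relies on a definition of "crash" that the lines shown here do not give, and "by themselves" leaves open what additional condition would make an unhandled exception reportable. Consider stating what does count as a crash for this policy and tying the qualifier to the "upward" change in posture requirement at lines 45-46, so a reporter can tell which case applies. The new blank line at 48 also detaches this statement from the availability paragraph it previously closed; confirm the split into a standalone paragraph is intended, since it now reads as a general rule rather than as part of the availability criteria.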
