From ae22eb47d27c9a952a06cdcd7d30a028252d5968 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 22 Jun 2020 15:41:01 +0200 Subject: [PATCH] CONTRIBUTING: mention soundness issues (#314) --- CONTRIBUTING.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c07dfa9..92b275f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ this repository containing the new advisory: 3. Open a [Pull Request]. After being reviewed your advisory will be assigned a `RUSTSEC-*` advisory identifier and be published to the database. -### Optional Steps +### Optional Steps Feel free to do either or both of these as you see fit (we recommend you do both): @@ -35,6 +35,12 @@ examples of qualifying vulnerabilities: * Covert Channels (e.g. Spectre, Meltdown) * Panics in code advertised as "panic-free" (particularly if useful for network DoS attacks) +Moreover, RustSec also tracks [soundness] issues as informational advisories, independent of whether they are vulnerabilities or not. +A soundness issue arises when using a crate from safe code can cause [Undefined Behavior]. + +[soundness]: https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library +[Undefined Behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html + When in doubt, please open a PR. ## FAQ
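Review bot: The first hunk (`@@ -13,7 +13,7 @@`) replaces `### Optional Steps` with an identical-looking `### Optional Steps`, so the only difference can be trailing whitespace; confirm that this is an intentional whitespace cleanup and, since the commit message only mentions soundness issues, consider noting the cleanup there so the change does not look accidental to later readers of the history.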
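Review bot: In the second hunk (`@@ -35,6 +35,12 @@`) the added text says RustSec tracks soundness issues "as informational advisories" but does not tell the contributor how to mark an advisory as informational or which part of the advisory format that corresponds to, so a reader following CONTRIBUTING.md from step 1 onward still has no way to act on it; suggest adding a pointer to the advisory-format documentation next to this sentence. The definition sentence could also be tightened, since it is the crate's public API being callable from safe code that matters rather than the crate merely being "used"; for example: "A soundness issue arises when safe code can cause [Undefined Behavior] through a crate's public API."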