Allegro Security
Peter Hull

Has everyone seen this PR:
https://github.com/liballeg/allegro5/pull/1221
Looks like a perfectly reasonable and sensible statement to make, but I was wondering if there was any basis to the assertion that "The Allegro library is being used in academic environments and production environments for games (commercial and free) and other tools. A policy to assure some degree of security and quality must be put in place." (my emphasis)
Is this a general trend across the industry?

Arthur Kalliokoski

The guy says he's been a security engineer for 17 years.

Someone who's a dentist will get exasperated if you don't floss religiously twice a day, a mechanic will have the vapors if you don't change your coolant every two years, etc. Not that those aren't excellent ideas, but it's not like the entire world will end if you don't do those things.

Everything looks like a nail when you have a hammer.

Peter Hull

There is a linked issue which has appeared since, where he says he has identified some critical security-related problems. It'll be interesting to see what these are.
I am ashamed to say my first thought was that it was something like the Hacktoberfest fiasco. :-[

Matthew Leverton

It's good to have a security policy, but it should be realistic, not idealistic. That is, if there isn't anybody willing to fix and resolve issues promptly, then the policy should directly state that it may be weeks before we can respond.

That is, while we are not under any moral obligation to provide emergency response to code we've given away for free, we also should be clear in the amount of support we can provide in such instances. Then people can make informed decisions on if they want to use Allegro or not.

That said, most security issues in Allegro are irrelevant if you are using it for its intended purposes of user-mode local games. But sure, if you are using it as root or in a shared environment where you are letting users control input, then there's probably a lot of ways for them to crash your system.

Arthur Kalliokoski

This sort of reminds me how Windows disallowed direct screen access (along with many other things) to prevent denial of service attacks by just creating a blank screen that didn't allow input/output etc. but then they came out with DirectX to do exactly that. WinG was the prototype.

RmBeer2

Now I want to know what are the security flaws in Allegro. I'm intrigued.

Thread #618353. Printed from Allegro.cc