author Marc Mutz <marc.mutz@qt.io> 2025-03-11 11:50:30 +0100
committer Marc Mutz <marc.mutz@qt.io> 2025-06-26 04:16:31 +0000
commit cd4813a3c304a6d9d5d8096d91a8fc297818d624
tree 9c545131162436067bb37dd6a5480b475745f17a /src/corelib/serialization/qjsonarray.cpp
parent 54072cf06edfcb642221de9e41ba316f04919c58
Mark QJson and QCbor classes as security-critical
These components process input external to the process, and the application depends on these components to report errors to detect failure, so these components are security-critical.

The writers are, too, because a valid use of the classes is to stream-read something, filter or edit a few nodes, and then stream back, in which case writers see the same input as the readers, only in reverse, and have to build a valid output.

Where there's doubt whether a header should be considered critical or not, err on the side of critical. We can always revisit the decision later when we know what semantics we'll attach to this marking.

Where a header only contains declarations (and class definitions), mark as significant with reason "header, declarations only".

It is probably a good idea to avoid any non-trivial inline code in headers whose .cpp files are security-critical, but moving all inline code out-of-line is a task for a different patch.

Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.

QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: Ie317c4df652430e6e68954c37d553b760836dff8
Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
Diffstat (limited to 'src/corelib/serialization/qjsonarray.cpp')
-rw-r--r-- src/corelib/serialization/qjsonarray.cpp 1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/serialization/qjsonarray.cpp b/src/corelib/serialization/qjsonarray.cpp
index 402076eb814..ec376212701 100644
--- a/src/corelib/serialization/qjsonarray.cpp
+++ b/src/corelib/serialization/qjsonarray.cpp
@@ -1,5 +1,6 @@
// Copyright (C) 2016 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
#include <qjsonobject.h>
#include <qjsonvalue.h>
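Review bot: The added marker `+// Qt-Security score:critical reason:data-parser` is free-form comment text, and nothing in the hunk or the commit message pins down the accepted vocabulary for the `score:` and `reason:` tokens; the message itself says the semantics of the marking will be revisited later and that other files get `significant` with reason "header, declarations only", so at least two score values and several reason strings are already in play. Consider recording the allowed values (referencing QUIP 23) somewhere a lint or grep can check them, otherwise small spelling differences across the tree will silently drop files from whatever process later consumes this marking. Keeping the line directly under the SPDX header, as done here, is a good fixed position to require for every marked file.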