Short answer: a core dump can contain credentials, tokens, request data, and application memory. Decide deliberately whether to disable, restrict, retain, or securely collect coredumps instead of treating them as harmless crash files.
What policy questions matter?
Decide who can read dumps, where they are stored, how long they remain, how disk usage is bounded, and whether incident responders need a protected copy. The right setting depends on debugging value and data sensitivity.
What should an operator review?
Review systemd’s coredump configuration, storage limits, access permissions, retention, and export path. If dumps are retained, protect them like logs containing secrets. If they are disabled, document how an incident will obtain equivalent diagnostic evidence.
The policy belongs beside service hardening and backup decisions; see systemd server-operator notes.