The Linux kernel has merged new documentation for Linux 7.1 clarifying what qualifies as a security bug and how to responsibly use AI tools when reporting kernel bugs. Authored by Willy Tarreau, the docs address a surge in low-quality AI-assisted security reports. Key points: bugs found with AI assistance must be treated as public disclosures, AI-generated reports should be concise and in plain text without Markdown, reporters must verify reproducers and proposed fixes before submitting, and theoretical impact speculation should be avoided. The documentation also clarifies that most bugs reported to the security team are ordinary bugs misclassified as security issues.
Sort: