@@ -4,3 +4,19 @@
Draft a [new security advisory](https://github.com/FreshRSS/FreshRSS/security/advisories) online,
or report security issues to <alexandre@alapetite.fr> ([PGP public key if relevant](https://alexandre.alapetite.fr/cv/pgp.asc)).
+
+## AI-assisted security scanning
+
+Include:
+* Which AI tool was used
+* Whether you are yourself a user of FreshRSS
+
+Recommendations:
+* Check duplicates in existing public PRs, issues, discussions, documentation
+* Consider submitting a public PR if the vulnerability was mostly found by a public AI
+
+Inspiration from <https://lkml.org/lkml/2026/5/17/896>:
+> AI detected bugs are pretty much by definition not secret, and
+> treating them on some private list is a waste of time for everybody
+> involved - and only makes that duplication worse because the reporters
+> can't even see each other's reports.
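Review bot: the `Include:` list that opens the new `## AI-assisted security scanning` section has no subject, so it is unclear what the reporter should include and where; a lead-in such as `When an AI tool helped find the issue, include in your report:` would fix that. The list also never asks the reporter to confirm the finding themselves; consider a third item along the lines of `* Whether you reproduced the issue yourself (steps or a proof of concept), not only the tool's output`, since that verification is what separates a real report from an unvetted scan result and it fits the `Check duplicates` and public-PR recommendations that follow.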