Filippo: stop giving vuln reports the white-glove treatment

4 min read 1 source clear_take
├── "Responsible disclosure's special handling is obsolete because AI has destroyed the signal value of 'security' reports"
│  ├── Filippo Valsorda (words.filippo.io) → read

Valsorda argues that the entire apparatus of private channels, embargoes, and CVE coordination was built when a vulnerability report meant someone had done real work. Now that anyone can paste code into an LLM and forward the output to security@, the implicit bargain — special treatment in exchange for high-signal research — has collapsed and maintainers should stop honoring it by default.

│  └── @goranmoomin (Hacker News, 359 pts) → view

By submitting Valsorda's post to HN with a straightforward title, the submitter endorses the framing that vulnerability reports no longer warrant categorically different treatment from regular bug reports. The 359-point score signals that a large portion of the developer community shares the underlying frustration.

├── "Responsible disclosure was always a negotiated privilege, not a moral obligation"
│  └── top10.dev editorial (top10.dev) → read below

The editorial reframes the debate by pointing out that embargoes and credit were exchanged for valuable research work, not granted as a moral right of security researchers. Once one side of that trade stops delivering value — because LLMs can generate plausible reports for free — maintainers are under no ethical duty to keep upholding the other side.

└── "AI-generated vulnerability spam is a real, documented crisis straining the entire CVE ecosystem"
  └── top10.dev editorial (top10.dev) → read below

Citing Daniel Stenberg's year-plus of curl/HackerOne complaints, the Python Steering Council's reports, and NVD's 2024 analysis backlog, the editorial frames Valsorda's argument as the maintainer-side response to a structural problem. The volume of low-effort LLM submissions has degraded the entire coordinated disclosure system, not just individual inboxes.

What happened

Filippo Valsorda — who ran Go's cryptography for years and now maintains a portfolio of widely-used Go security libraries as a full-time open-source maintainer — published "Vulnerability reports are not special anymore" on his blog. The argument is short and surgical: the entire apparatus of "responsible disclosure" — private channels, embargo periods, pre-announcement coordination, CVE reservation dances — was built for a specific historical moment, and that moment is over.

Valsorda's core claim is that the word "security" has lost almost all of its signal value in an inbox, because the cost of generating a plausible-sounding vulnerability report has collapsed to roughly zero. Anyone with a free Claude or ChatGPT tab can paste a function, ask "is there a security issue here?", and forward whatever comes back to a maintainer's `security@` address with a straight face. The maintainer is then expected to drop everything, treat it as confidential, investigate within a ticking embargo window, and either confirm a CVE or politely explain why the model hallucinated a buffer overflow in a Python script.

The post lands in the middle of a year of maintainer complaints about the same pattern. Daniel Stenberg of curl has been documenting AI-generated vulnerability spam on HackerOne for over a year — at one point publicly threatening to ban any reporter who admits to using an LLM without verification. The Python Steering Council reported a similar surge. The CVE program itself has been straining: NVD's analysis backlog blew up in 2024, and 2025 has seen sustained pressure from low-quality submissions.

Why it matters

The deeper insight in Valsorda's piece is that responsible disclosure was always a *negotiated* privilege, not a moral law. Maintainers gave researchers special treatment — embargoes, credit, private comms — because researchers gave maintainers something valuable in return: a high-signal report from someone who had done real work. That trade only makes sense when the reporter's cost is high and the maintainer's cost of triage is comparable. AI has broken both sides of that ledger.

The asymmetry is now grotesque. A reporter spends 30 seconds prompting a model. The maintainer spends two hours reading the report, reproducing the alleged bug, writing a patient explanation of why `strcpy` in a comment is not actually a vulnerability, and closing the ticket. Multiply by a queue that no longer fits in one screen and you have a denial-of-service on the humans who actually patch software. The HN thread (359 points, climbing) is full of maintainers in agreement, with the loudest agreement coming from people who run security programs for a living.

There's also a structural point Valsorda makes that's worth pulling out. CVE numbers, embargo windows, and coordinated disclosure all assume a 1990s-shaped threat model: a specialized researcher finds a real flaw, the vendor needs time to ship a patch, and premature disclosure benefits attackers who weren't going to find it on their own. That model still applies to *some* reports — kernel zero-days, crypto primitive breaks, anything in the supply chain layer below your dependencies. But it does not apply to the median report landing in a maintainer's inbox in 2026, which is more likely to be a model's confabulation than a 0-day.

The practical proposal is to flip the default: treat every vulnerability report as a normal bug report, in public, on the normal issue tracker, until the reporter demonstrates that confidentiality is warranted. That demonstration is the reporter's job, not the maintainer's. If the report is real and serious, the reporter can prove it in five sentences. If it isn't, it gets triaged like any other low-priority bug and the maintainer's calendar survives.

What this means for your stack

If you run an open-source project, even a small one, the operational change is concrete. Take down the `security.md` boilerplate that promises a 90-day disclosure window and a private channel by default. Replace it with: "Open a regular GitHub issue. If you genuinely believe a private channel is needed, explain why in one sentence and we'll move it." You will instantly cut your triage load and you will not, in practice, lose any real reports — serious researchers know how to escalate.

If you run a corporate security program that *files* reports against open-source dependencies, this changes the social contract on your side. Sending an unverified LLM-generated finding to a volunteer maintainer is no longer free; it's a tax on someone else's time, and the community is increasingly willing to name the offenders. Your SAST tools and your AppSec interns need a verification step before anything goes upstream. "The model thinks this is exploitable" is not a report. A reproducing test case is.

There's a third group: bug bounty platforms. HackerOne and Bugcrowd have spent two years trying to filter AI slop with reputation systems and submission templates, and the results are mixed. The Valsorda argument suggests the platforms are solving the wrong problem — the fix isn't better filters, it's removing the premium that the "security report" label provides in the first place. A report worth reading should win attention on its merits, not on its envelope.

Looking ahead

The convention that vulnerability reports are special took roughly two decades to build, from RFPolicy in 2000 through the modern CVD frameworks. It will not unwind overnight, and there are categories — kernel, crypto, widely-deployed infrastructure — where the old discipline still pays for itself. But for the long tail of open-source projects, Valsorda is describing a shift that's already happening informally: maintainers are quietly stopping the white-glove treatment because the math no longer works. Expect the formal disclosure-policy templates from OpenSSF, GitHub, and the CVE program to follow within the year. The reporters who survive the transition will be the ones whose work has always spoken for itself.

Hacker News 359 pts 205 comments

Vulnerability reports are not special anymore

→ read on Hacker News

// share this

// get daily digest

Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.