From nobody Thu May  7 13:46:47 2026
X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gBD7c6LyGz6cKM2
	for <dev-commits-doc-all@mlmmj.nyi.freebsd.org>; Thu, 07 May 2026 13:46:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gBD7c5nH1z470k
	for <dev-commits-doc-all@FreeBSD.org>; Thu, 07 May 2026 13:46:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1778161612;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VFKRBAwA2sMB3dGSJIq3R0j5oXFAeFJz9i+m88NACrE=;
	b=aJLE6CMkP4m9vEuMm8svDxds0+vT6oi9inOxpI+JO7qGVF9TEI4I7jVDZbhDBAJFiLX8x7
	rBBOITW+oSodEzklHoRNEjzomZbGC26k64HfpJJXKFp96JyI2sP0GFCuTRmkRZAD+o7NeS
	8QEkmYTojQId8dpLqE3PxZ27Vf/03v0x6N8wAdCLyZG0oJhEu36GzNxAkT9BfjFX77g+fE
	8NtlFYtuw89Y2qQG3Mh2qH+hfqQeFEH9YtiTJR8hzGIObJB3/M5o1j1iRQXk8RIujOjSdR
	z1JQV36iCUH1ld0lU46kc+z/UlexylmwHTxt1ZJLUT5gkgHEQVBP7jUC3td/uA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1778161612; a=rsa-sha256; cv=none;
	b=d1795P3aFQ/IFxFYqU79fSbbFCcLotoJ2QJ2m/jENBc6hIplEL28s4tyKO1BZVO+TfScEr
	/yzHkrcGCZ2BCnT0bFxt7G5XhBXl0moEo60ZvqB3mH41s6po/blQWBqtqS83hji2k8xRKd
	/udODBriI+02nNraiMiAqN2WhTzbugXcO8Kh8FoOHpOxydWvq7vaDoPnzubTAQjjIxw7Py
	6ciyZGLm6/malCW7u+XpoyjVO4XqFFh+7woxVSOtIAPzIIytPhfL9/iD/9fs5cuYZRGZEl
	qwF7vxxaBI/WVg1F1jfZVpEXMMOXNg+1alsHHkx4SaG8V8XSwufHawTLiyzgTA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1778161612;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VFKRBAwA2sMB3dGSJIq3R0j5oXFAeFJz9i+m88NACrE=;
	b=yE4/m8uUPQJFsXNa0SVAzKtJ/ldemWjAQ42sPYO1hlDU8GlMxg+5ZgsZEtLI8KzT5L3pXN
	Arik0Aj9ii3YwLGbikLOCt4KLSpoKyU8IxUMWcvhpo1+mbgPQeyJddXrQk5GqggMGa+pa4
	xcx3sZ1kB+JMm6MPNbUyrBgCDngr2VmD9F7ZrZEhyS7rF8EOuUss/2cQpKnviIGujjjxOA
	WMWwktCNQdxHcv1AZV/Dv0h8qBsNCWwpzCgE2IPBf68TGz3FGHNhJhXz4DworsiFTbKfcE
	tYxHN16XkK7obTlKLrEZAFgi0mm6sWaRLfvLKovucHHQT242lm75SYCu3I1mCg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gBD7c5JZFzD12
	for <dev-commits-doc-all@FreeBSD.org>; Thu, 07 May 2026 13:46:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 1d924
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Thu, 07 May 2026 13:46:47 +0000
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Ed Maste <emaste@FreeBSD.org>
Subject: git: cbd9256f85 - main - Vulnerability reporting: Ask for more information
List-Id: Commit messages for all branches of the doc repository <dev-commits-doc-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
List-Help: <mailto:dev-commits-doc-all+help@freebsd.org>
List-Post: <mailto:dev-commits-doc-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-doc-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-doc-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-doc-all@freebsd.org
Sender: owner-dev-commits-doc-all@FreeBSD.org
List-Id: <dev-commits-doc-all.FreeBSD.org>
List-Post: <mailto:dev-commits-doc-all@FreeBSD.org>
List-Help: <mailto:dev-commits-doc-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-doc-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-doc-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: cbd9256f85402c9710ee100a2d0b886d253deb5b
Auto-Submitted: auto-generated
Date: Thu, 07 May 2026 13:46:47 +0000
Message-Id: <69fc97c7.1d924.348c9d23@gitrepo.freebsd.org>

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/doc/commit/?id=cbd9256f85402c9710ee100a2d0b886d253deb5b

commit cbd9256f85402c9710ee100a2d0b886d253deb5b
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-05-06 20:23:59 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-05-07 13:46:16 +0000

    Vulnerability reporting: Ask for more information
    
    - Extend "Example code" to reference PoC explicitly
    - Preferred "Credits" attribution
    - AI use
    
    Reviewed by:    markj, oshogbo
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D56861
---
 website/content/en/security/reporting.adoc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/website/content/en/security/reporting.adoc b/website/content/en/security/reporting.adoc
index 1331f85dad..f38df608ab 100644
--- a/website/content/en/security/reporting.adoc
+++ b/website/content/en/security/reporting.adoc
@@ -27,7 +27,9 @@ All reports should contain at least:
 * A description of the vulnerability.
 * What versions of FreeBSD seem to be affected if possible.
 * Any plausible workaround.
-* Example code if possible.
+* Example code if possible, including a minimal, self-contained proof of concept (PoC) where feasible.
+* The reporter's preferred form of attribution for the "Credits" line in any resulting Security Advisory, if desired.
+* Whether any automated tools or artificial intelligence systems were used as part of the discovery process, and if so, which tools or models.
 
 Whenever possible, including the background, problem description, impact, and workaround (if applicable) using the templates for link:../advisory-template.txt[security advisories] and link:../errata-template.txt[errata notices] as appropriate would also be helpful.