diff options
| author | Willy Tarreau <w@1wt.eu> | 2026-05-09 12:47:54 +0300 |
|---|---|---|
| committer | Jonathan Corbet <corbet@lwn.net> | 2026-05-12 20:09:14 +0300 |
| commit | a03ef333fbd6cd861c8457c3d055ee3643a9baad (patch) | |
| tree | d262316dd105dadca11f8400782471ce01a2e484 /drivers | |
| parent | aed3c3346765e4317bb2ec6ff872e1c952e128ab (diff) | |
| download | linux-a03ef333fbd6cd861c8457c3d055ee3643a9baad.tar.xz | |
Documentation: security-bugs: explain what is and is not a security bug
The use of automated tools to find bugs in random locations of the kernel
induces a raise of security reports even if most of them should just be
reported as regular bugs. This patch is an attempt at drawing a line
between what qualifies as a security bug and what does not, hoping to
improve the situation and ease decision on the reporter's side.
It defers the enumeration to a new file, threat-model.rst, that tries
to enumerate various classes of issues that are and are not security
bugs. This should permit to more easily update this file for various
subsystem-specific rules without having to revisit the security bug
reporting guide.
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Leon Romanovsky <leon@kernel.org>
Suggested-by: Leon Romanovsky <leon@kernel.org>
Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Reviewed-by: Leon Romanovsky <leon@kernel.org>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260509094755.2838-3-w@1wt.eu>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions