oss-sec mailing list archives

Re: Coordinated Disclosure in the LLM Age

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 20 May 2026 10:52:37 -0700

On 4/28/26 07:58, Jeremy Stanley wrote:

I'm sorely tempted, both due to the increased volume and the risk of prematuredisclosure, to just assume that any vulnerability reported as a result ofresearch using an LLM is trivially discoverable by others, and give up trying topretend there's any point to working it under embargo.


Other maintainers under similar floods seem to agree:

Linux kernel:
 - https://lkml.org/lkml/2026/5/17/896
 - https://docs.kernel.org/process/security-bugs.html

DNS servers (BIND, Unbound, PowerDNS):
- https://indico.dns-oarc.net/event/56/contributions/1233/
- https://indico.dns-oarc.net/event/56/contributions/1233/attachments/1180/2539/presentation.pdf

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Current thread:

Re: Coordinated Disclosure in the LLM Age, (continued)
- - - Re: Coordinated Disclosure in the LLM Age Greg KH (May 16)
    - Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour (May 15)
  - Re: Coordinated Disclosure in the LLM Age Clemens Lang (Apr 29)
    - Re: Coordinated Disclosure in the LLM Age Greg KH (Apr 30)
- Re: Coordinated Disclosure in the LLM Age Lucas Holt (Apr 29)
  - Re: Coordinated Disclosure in the LLM Age Jeremy Stanley (Apr 29)
  - Re: Coordinated Disclosure in the LLM Age Brian May (Apr 29)
- Re: Coordinated Disclosure in the LLM Age Tim Shephard (May 11)
  - Sv: Coordinated Disclosure in the LLM Age Markus Klyver (May 15)
    - Sv: Coordinated Disclosure in the LLM Age ROI AI (May 15)
- Re: Coordinated Disclosure in the LLM Age Alan Coopersmith (May 20)