﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35612	"Emphasise user responsibility within ""Reporting security issues"" to detail invalid reports"	Sarah Boyce	Sarah Boyce	"When reporting a potential security vulnerability, the user's code must follow security best practices. A user has a responsibility to follow best practices, and Django does not mitigate against cases where a user has introduced a vulnerability themselves (a common example being forgetting to sanitize user input). That an AI tool^[#note1 1]^ can generate insecure code doesn't change this user responsibility.

Having this explicitly documented aims to help improve the quality of reports and/or reduce the amount of time to reply to invalid reports which follow this pattern.

Maybe a note in [https://docs.djangoproject.com/en/dev/internals/security/#reporting-security-issues reporting security issues] that highlights this, and also links to the [https://docs.djangoproject.com/en/5.0/topics/security/ security topic], is an idea.

----

[=#note1 1]. For context, there was an occasion where a reporter suggested a report is valid because ""even ChatGPT"" has generated insecure code"	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0
