Mikael Barbero: The Vulnerability Report Is Dead. Long Live the Prompt! (opens in new tab)

For years, maintainers have asked security reporters for a fairly reasonable thing: reproduction steps. Not a vibe. Not a screenshot from a scanner. Not a majestic wall of speculative prose explaining how “an attacker could maybe possibly exploit this under unspecified conditions.” Just the steps. What did you do? What happened? What should have happened instead? Can I reproduce it before I spend my Saturday afternoon spelunking through a dependency graph held together by hope and YAML? This ...