Rosa Del Mar

Daily Brief

Issue 93 2026-04-03

Signal-To-Noise And Duplication In Vulnerability Reporting

Sources: 1 • Confidence: Medium • Updated: 2026-04-12 10:00

Key takeaways

  • Most recent kernel security list reports are correct.
  • Kernel security list report volume rose from roughly 2–3 reports per week (about two years ago) to about 10 reports per week (over the last year).
  • The increased kernel security list report volume has required bringing in additional maintainers to help.
  • Duplicate kernel security reports now occur daily, which Willy Tarreau says did not happen before.
  • Willy Tarreau attributes the increase in kernel security list reports primarily to AI-generated low-quality submissions rather than a change in underlying security reality.

Sections

Signal-To-Noise And Duplication In Vulnerability Reporting

  • Most recent kernel security list reports are correct.
  • Duplicate kernel security reports now occur daily, which Willy Tarreau says did not happen before.
  • Willy Tarreau attributes the increase in kernel security list reports primarily to AI-generated low-quality submissions rather than a change in underlying security reality.

Security-Report Volume Surge And Operational Load

  • Kernel security list report volume rose from roughly 2–3 reports per week (about two years ago) to about 10 reports per week (over the last year).
  • The increased kernel security list report volume has required bringing in additional maintainers to help.

Unknowns

  • What fraction of kernel security list reports are confirmed valid, and how has that fraction changed over the same time window as the reported volume increase?
  • What operational definition or observable markers are being used to label submissions as AI-generated and/or low-quality?
  • What is the duplicate rate over time (e.g., duplicates per day/week), and what portion of total reports do duplicates represent?
  • What specific resourcing changes were made (how many additional maintainers, for what responsibilities, and with what effect on backlog/response times)?
  • To what extent are duplicates caused by independent discovery of the same bug versus re-reporting/reshaping of an already-known issue?

Investor overlay

Read-throughs

  • AI-generated, low-quality vulnerability submissions may be increasing the triage workload for kernel-related security lists, shifting effort toward filtering and deduplication rather than analysis.
  • Rising duplicate reports could increase operational costs for projects and vendors that monitor and respond to kernel security lists, potentially lengthening response times and backlog.

What would confirm

  • Published metrics showing a sustained increase in inbound kernel security list reports and a rising share classified as duplicates over time.
  • Evidence of expanded maintainer or triage staffing and tooling changes aimed at filtering low-quality or AI-generated submissions, with reported effects on backlog or response times.
  • Data indicating a stable or declining confirmed-valid report fraction despite higher volume, consistent with increased noise rather than increased underlying vulnerability incidence.

What would kill

  • Metrics showing the confirmed-valid fraction rising with volume, implying the surge reflects real vulnerability discovery rather than noise.
  • Duplicate rate remaining flat when measured consistently over time, contradicting the claim that daily duplicates are new.
  • Clear attribution that most duplicate and low-quality reports come from independent discovery or process changes rather than AI-generated submissions.

Sources

  1. 2026-04-03 simonwillison.net