Process for AI discovered vulns
(1) By Rico Mariani (rmariani) on 2026-06-02 17:30:22 [source]
Apologies if this has been asked and answered I couldn't find anything.
Have the maintainers announced a position on how they will (or will not) participate in general open source remediation efforts for AI vulns? Any change of submission process or variation in how they'd like proposed fixes?
In my area there is quite a bit of SQLite usage so I'd like to be able to give them clear guidance on what you've decided to do.
Thank you,
-Rico
(2) By Spindrift (spindrift) on 2026-06-02 17:34:56 in reply to 1 [link] [source]
You mean like this?
(3) By Rico Mariani (rmariani) on 2026-06-02 17:37:26 in reply to 2 [link] [source]
Yes thank you that's very helpful!
Any other process changes?
(4) By Richard Hipp (drh) on 2026-06-02 17:49:29 in reply to 3 [link] [source]
There is now an AGENTS.md in the source tree.
(5) By Rico Mariani (rmariani) on 2026-06-02 17:59:34 in reply to 4 [link] [source]
ok cool I will say basically this:
- they added AGENTS.md to help any agents succeed in producing useful patches
- the have a special bugs forum for ai generated bugs https://sqlite.org/bugs/forum
- otherwise they are using their normal mechanisms