I've been helping to investigate a few LLVM and Rust bugs recently, and I keep running into pet peeves with how these bugs are reported, so I'm going to put together some #RulesForBugFiling.
I don't want to discourage anyone from filing a bug; please do! But... be aware of how you represent the issue that you're seeing.
I also know that there are folks on here who are vastly more knowledgeable than I am, so feel free to suggest corrections, perhaps by filing some sort of report...
If you're going to claim something is a security issue, please explain what the attacker has gained by exploiting the bug. That is, what they can now do that they couldn't before.
The more specific you can be on when a regression occurred, the better. A range of versions is good, a single version is great, a single commit is amazing.
Tools like git bisect are really helpful for this.
Providing a standalone example that reproduces the issue so that someone else can do that work is also great, with the bonus that it can be added to the regression tests.
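As an added illustration (not part of the original posts), here is how a standalone reproducer and `git bisect run` combine to narrow a regression to a single commit. The throwaway repository, `lib.sh`, `repro.sh` and the `add` function are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: build a scratch repo containing a known regression, then
# let `git bisect run` locate the first bad commit with a reproducer script.

find_first_bad_commit() {
    repo=$(mktemp -d) || return 1
    result=$(
        cd "$repo" || exit 1
        git init -q . 2>/dev/null
        git config user.name "Demo"
        git config user.email "demo@example.invalid"

        # Ten constructed commits; the bug appears in commit 7 and stays.
        i=1
        while [ "$i" -le 10 ]; do
            if [ "$i" -ge 7 ]; then
                echo 'add() { echo $(( $1 - $2 )); }' > lib.sh   # regressed
            else
                echo 'add() { echo $(( $1 + $2 )); }' > lib.sh   # correct
            fi
            echo "change $i" > notes.txt
            git add lib.sh notes.txt
            git commit -q -m "commit $i"
            i=$((i + 1))
        done

        # The reproducer lives outside the tracked tree so checkouts made by
        # bisect cannot alter it. Exit 0 means "good", exit 1 means "bad".
        printf '%s\n' '. ./lib.sh' '[ "$(add 2 3)" = "5" ]' > .git/repro.sh

        good=$(git rev-list --max-parents=0 HEAD)    # first commit: known good
        git bisect start HEAD "$good" >/dev/null 2>&1
        git bisect run sh .git/repro.sh >/dev/null 2>&1

        # After a completed bisect, refs/bisect/bad names the first bad commit.
        git log -1 --format=%s refs/bisect/bad
        git bisect reset >/dev/null 2>&1
    )
    rm -rf "$repo"
    printf '%s\n' "$result"
}

find_first_bad_commit
```

The same `repro.sh` that drives the bisect is what you would attach to the report, and it can later be checked in as a regression test.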