communication
Posted Jan 22, 2026 9:26 UTC (Thu) by neal (subscriber, #7439)
In reply to: communication by Phantom_Hoover
Parent article: Responses to gpg.fail
I fully agree with this comment: we need to tone down the language. If security researchers are professionals and intend to collaborate with maintainers, then sensationalism has no place in the discourse.
Relatedly, the security researchers want and deserve respect. But it's hard to separate the wheat from the chaff and unfortunately the wheat-to-chaff ratio is very low. The Sequoia project receives multiple vulnerability reports per week. (This is partially because we have a bug bounty program, but a lot of reports are not submitted via the bug bounty program.) The reports are mostly convincing and invalid. This is because almost all---both the valid and the invalid ones!---are generated using AI. I simply cannot respond to most of them.
