Update FAQ
diff --git a/FAQ b/FAQ
index e1b04a5..9543e4a 100644
--- a/FAQ
+++ b/FAQ
@@ -738,6 +738,7 @@
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 
+
 * I think I've found a bug, what should I do?
 
 If you are a new user then it is quite likely you haven't found a bug and
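Review bot: The single added line before "* I think I've found a bug, what should I do?" is a whitespace-only change that the commit message "Update FAQ" does not explain. If the intent is to put two blank lines before each question heading, as the second hunk does before "* I'm SURE I've found a bug", say so in the commit message or make the spacing fix in its own commit, so the content change is easy to find in history.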
@@ -746,6 +747,11 @@
 unsure whether it is a bug or not submit a query to the openssl-users mailing
 list.
 
+If you think you have found a bug based on the output of static analysis tools
+then please manually check the issue is genuine. Such tools can produce a
+LOT of false positives.
+
+
 * I'm SURE I've found a bug, how do I report it?
 
 Bug reports with no security implications should be sent to the request
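Review bot: The new paragraph asks reporters to "manually check the issue is genuine" but does not say what a sufficient check is or what to put in the report, so it is unlikely to reduce unverified tool output on its own. Consider asking for something concrete, for example that the report explain how the flagged code can actually be reached rather than pasting the tool's finding. Two wording points: "check the issue" reads better as "check that the issue", and the capitalised "LOT" could be plain "a lot of false positives". The advice also sits only under the "I think I've found a bug" question, while the reporting instructions are in the following "I'm SURE I've found a bug" entry, so a short pointer there would reach people who skip straight to it.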