It takes some time for false positives to disappear (#26329)

Documentation for the following bug:

- #25898

Author: noahtalerman

articles/vulnerability-processing.md

@@ -25,6 +25,8 @@ Currently, only software names with all ASCII characters are supported. Vulnerab
 
 For Ubuntu Linux, kernel vulnerabilities with known variants (ie. `-generic`) are detected using OVAL. Custom kernels (unknown variants) are detected using NVD.
 
+If you find that Fleet is incorrectly marking software as vulnerable (false positive) or missing a vulnerability (false negative), please file a [bug](https://github.com/fleetdm/fleet/issues/new?template=bug-report.md). When false positives are fixed, it may take an hour for the false positive to dissapear after upgrading Fleet. 
+
 ## Sources
 
 Fleet combines multiple sources to get accurate and up-to-date CVE information: