Stefan EissingApr 4

The security reporting situation that I see at the ASF and in #curl is

- huge increase in reports
- increase of valid reports
- appearance of duplicate/triplicate reports of the same issue by different people

A high profile project needs to deal with 2-4 new reports each day. This is nuts.

One *may* hope this to go down again later this year bc
- unhallucinated issues are finite (see the fuzzing wave)
- eventually it will cost real money to generate these reports

Show thread@[email protected]Apr 4
@icing I almost, but not quite yet, see a market for CAPTCHA programming challenges that are trivial for a human but will cause LLMs to choke. 🤢
Show threadStefan Eissing
@unixtippse It's actual humans submitting those, using LLM tools. And they find valid bugs.
Apr 4 at 8:29amWeb