The security reporting situation that I see at the ASF and in #curl is:

- huge increase in reports
- increase of valid reports
- appearance of duplicate/triplicate reports of the same issue by different people

A high-profile project needs to deal with 2-4 new reports each day. This is nuts.

One *may* hope this to go down again later this year because:

- unhallucinated issues are finite (see the fuzzing wave)
- eventually it will cost real money to generate these reports

@icing i am not sure if my mental model of what is happening in the "useful llms" corner is adequate, but i lean towards "if you look you will find": if llms stir up potential candidates for security issues, attention shifts towards improvements.

in this way i think your reference to the fuzzing wave is helpful, as presumably it was driven by the same overall principle. #llm