daniel:// stenberg://3d ago

There is virtually **no** AI slop security reports anymore submitted about #curl. They don't seem to happen any longer.

Almost everyone still uses AI though.

Show thread🪨2d ago
@bagder This is great news, but how much extra work and attention do these bug reports submitted as security reports give you, compared to having them as issues on GitHub? I see that most of the recent reports are non applicable as security reports, and while they may now all find real issues (of varying degrees), I assume security reports still take a higher priority and more attention for the team?
Show threaddaniel:// stenberg://2d ago
@Varpie yeah, the challenge is that they are *suspected* vulnerabilities which forces us to keep them secret while being assessed, and that is what makes them specially burdensome.
Show threadStefan Eissing
@bagder @Varpie If the whole „responsible disclosure“ thing came crashing down, I wouldn‘t shed a tear.💁🏻‍♂️
Apr 6 at 6:06amWeb