daniel:// stenberg://1d ago

If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.

(I'd like to make a little list for my coming talk on this.)

Show threadfightbackman1d ago
@bagder reverse question: do you/anyone know which tooling they are using to generate high quality reports and findings?
Show threaddaniel:// stenberg://1d ago
@fightbackman no, but my impression is that a lot of it is made with Claude code and various adaptations on top of that
Show threadgoedelchen

@bagder @fightbackman So Carlini, the Anthropic guy, is not just a salesman? Serious question.

For me it's still open how much of a flood of reports should be expected.

Apr 7 at 11:40amWeb