daniel:// stenberg://16h ago
The AI slop security reporting is basically extinct. It almost does not happen anymore. At all.
Show threaddaniel:// stenberg://16h ago

I want to emphasize this because when I talk about AI security reports now, half my readers seem to believe those are AI slop. They're not. They are found with AI tools and normally high quality bug reports.

The weakest part is that they tend to overstress the vulnerability angle. Lots of them are well phrased bug reports that are still "just bugs".

Show threadMike Fiedler, Code Gardener
@bagder you're lucky. I got 30+ yesterday. 1 was kind of credible. The others were effectively documented behaviors of projects.
There's still little to no consequences for wasting time - I've been thinking about the "name and shame" approach you have, maybe that helps change the behavior?
10:34amWeb