|
|
|
|
|
|
by mccr8
100 days ago
|
|
|
The bugs that were issued CVEs (the Anthropic blog post says there were 22) were all real security bugs. The level of AI spam for Firefox security submissions is a lot lower than the curl people have described. I'm not sure why that is. Maybe the size of the code base and the higher bar to submitting issues plays a role. |
|
|
Further browsers have a much larger surface area for even minor fuzzing bugs. Curl's much smaller surface area is already well fuzzed and tested.
Chrome has better fuzzing and tests too. Firefox has had fewer resources compared to Google ofc, so understable.
Ofc not saying it wasn't good. But given the LLM costs I find it hard believe it was worth it, compared to just better and more innovative fuzzing which would possibly scale better.