by latexr
81 days ago
> I'm curious whether the security community thinks more non-specialists finding and reporting vulnerabilities like this is a net positive or a headache?

cURL had to stop the bug bounty program because they were inundated by slop reports of vulnerabilities which don’t exist.

https://github.com/curl/curl/pull/20312

It’s good that you found and reported something real, but that isn’t the norm.

Also, from the article:

> AI tooling has sped up not just the creation of malware but also the detection.

That’s an awful tradeoff. Detection is not a fix.