I know many people are sending AI slop to software maintainers and demanding they found vulnerabilities. There are idiots who submit the output of dumb security scanners as bug reports. The guy this article is talking about actually does the work though.
“I have so many bugs in the Linux kernel that I can’t report because I haven’t validated them yet… I’m not going to send [the Linux kernel maintainers] potential slop, but this means I now have several hundred crashes that they haven’t seen because I haven’t had time to check them.”
He may still be an idiot who doesn’t understand what a plausible, real-world attack scenario is, but he is at least verifying these things himself before sending any reports to maintainers.