Gentoo Linux Begins Codeberg Migration In Moving Away From GitHub, Avoiding Copilot (www.phoronix.com)
Posted by Lee Duna@lemmy.nz to Technology@lemmy.world · 12 hours ago · cross-posted to: linux@programming.dev

🎇sparkles✨@lemy.lol · 4 hours ago
reporting security issues Is this not an advantage? If AI can find new security vulnerabilities reliably?

WhyJiffie@sh.itjust.works · 4 hours ago
https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/

jjagaimo@sh.itjust.works · 4 hours ago
It often makes up nonexistent vulnerabilities. I think it was curl getting flooded with fake vulnerability reports which drowns out real reports, esp because it can take time to parse through the code or run the PoC

bananabread@lemmy.zip · 4 hours ago
Or it could introduce new ones :)

eronth@lemmy.world · 3 hours ago
Yeah, but you can have it scan without implementing.

Is this not an advantage? If AI can find new security vulnerabilities reliably?
It cannot