There's a ton of skepticism over the true value of AI-assisted vulnerability discovery, and with good reason. Maybe the new details Mozilla has revealed don't tip the scales in favor of it being beneficial, but people should at least sift through them in good faith and with an open mind before declaring all of them bullshit.

arstechnica.com/information-te

@dangoodin LWN has an interesting article on this. lwn.net/SubscriberLink/1070698

One takeaway from both articles is that these tools can be used for good or bad, and that the LLM will only look for what it's told. Evaluation and fix is drinking from the fire hose, and while one team reports zero false positives, another may find a bigger number.

Is this help or an attempt to kill free software?

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
