I’m skeptical of this. The primary maintainer of curl said that all of their AI bug submissions have been bunk and wasted their time. This seems like a lucky one-off rather than anything substantial.
Of course, if you read the article you’ll see that the model found the bug 8 out of 100 attempts.
It was prompted what type of issue to look for.
I meant one-off that it worked on this code base rather than how many times it found the issue. I don’t expect it to work eight out of a hundred times on any and all projects.
this summarizes most cases of ai “success”. people see generative ai generating good results once and then extrapolate that they’re able to consistently generate good results, but the reality is that most of what it generates is bullshit and the cases of success are a minority of the “content” ai is generating, curated by actual people
Curated by experts, specifically. Seeing a lot of people use this stuff and flop, even if they’re not doing it with any intention to spam.
I think the curl project gets a lot of spam because 1) it has a bug bounty with a payout and 2) kinda fits with the CVE bloat phenomenon where people want the prestige of “discovering” bugs so that they can put it on their resumes to get jobs, or whatever. As usual, the monetary incentive is the root of the evil.