High Quality chaos (a slide from a talk I do next week on this topic)
-
@bagder In your professional opinion (I have my own hypotheses), how much of that is due to AI *finding* CVEs and how much is due to AI *introducing* them in the first place? ^^
-
@ftranschel these tools find vulns in all code, but of course the worse the code is, the more problems they will find...
-
@bagder Ah, looks like two scenarios
One, big shops are desperate to show their name on record.
Second, they are fixing their self-introduced bugs... heck.
Bonus, these monkeys never learn to maintain open source... irks
Sigh... they are serious time-grabbers... meh
-
@bagder wonder what the severity distribution is like; is there a similarly significant increase in high severity vulnerabilities?
-
@bagder
> Firefox fixes 271 vulnerabilities

so like I'm a noob, but
I remember Firefox getting a security fix every week or so, to the point I got desensitized to the security-announce mailing list of the distro I was using.
Does 271 more vulns make a big difference at that point?
-
Most of them are not serious. But the AI hype must proceed.
No word from Google regarding Android?
-
@bagder I feel like some of these figures can be gamed since you can vibe code a LOT of bugs/vulnerabilities into a project then turn around and claim you're fixing more bugs than ever.
Sorry to be cynical, but it's the first thing that came to mind these days when I saw this slide.
-
Wireshark: more than 40 CVEs in last release ...