The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." #firefox #opensource
-
@glynmoody "the defects are finite" sounds like "nobody will ever need more than 640k of memory" to me.
-
@glynmoody right but … software is a stream, not in a static settled state. The likelihood of never introducing a new bug is zero.
…says he before reading the article. I should go do that.
-
@floppy yes, probably a hostage to fortune
-
@glynmoody static code analysis found hundreds of bugs in open source projects previously. Finding "bugs" with tools like this is easier than fixing them and stopping new ones creeping in in later changes.
I believe several people have recently reported that AI bug reports have just changed from mostly slop to often useful.
-
@drajt more eyes - even ai eyes - are better if reports are good
-
@glynmoody well the early reports sent to the #cURL team were mostly #AIslop and placed an excessive burden on them, so they banned #AI bug reports.
Code scanning has got better in the last few months and now can make interesting and useful insights, though not always security related. I believe the Linux kernel team have found quite a few bugs from recent AI submissions.
The biggest problem is the resources to fix them; many volunteers are overloaded already.