First of all, *most* of FOSS security reports nowadays (that I see in #curl and #apache httpd) are non-threatening.
They are edge cases under highly constructed preconditions. Yes, not impossible, but unlikely to be ever encountered.
Before LLMs, no researcher would have invested the time to explore those scenarios. My guess.
Yes, we fix them. But, they could also have been a bug report.


@icing after twenty or thirty years, the really scary stuff has probably already been found in anything popular. (Probably.)
-