Tim Schlotfeldt ⚓ (ts-new@hub.tschlotfeldt.de)'s status on Monday, 09-Dec-2024 20:46:35 JST:
#Slop is low-quality media - including writing and images - made using generative artificial intelligence technology.
Source: Wikipedia.
Open source projects have to deal with a growing number of low-quality vulnerability reports based on AI. See for example this comment from Daniel Stenberg, maintainer of #Curl:
I'm sorry you feel that way, but you need to realize your own role here. We receive AI slop like this regularly and at volume. You contribute to unnecessary load of curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it. Now and going forward.
You submitted what seems to be an obvious AI slop "report" where you say there is a security problem, probably because an AI tricked you into believing this. You then waste our time by not telling us that an AI did this for you and you then continue the discussion with even more crap responses - seemingly also generated by AI.
Read more at HackerOne: Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4.
#opensource #AI #LLM #Spam
Rich Felker (dalias@hachyderm.io)'s status on Monday, 09-Dec-2024 20:50:46 JST:
@ts-new Bug bounty programs need to require deposits of at least $100, forfeit if the report is determined to be bad-faith (AI-generated or non-analyzed output of vuln scanning, static analysis, etc. tooling).