Comment by simonw
14 days ago
You're posting this comment on a thread attached to an article where Filippo Valsorda - a noted cryptography expert - used these tools to track down gnarly bugs in Go cryptography code.
14 days ago
You're posting this comment on a thread attached to an article where Filippo Valsorda - a noted cryptography expert - used these tools to track down gnarly bugs in Go cryptography code.
They're also using "AI SAST tools", which: I would not expect anything branded as a "SAST" tool to find interesting bugs. SAST is a term of art for "pattern matching to a grocery list of specific bugs".
ZeroPath for example brands itself as "AI" SAST. I agree that these tools do not find anything interesting.
These are not "gnarly bugs".
They're not?
100% reproducible deterministic bugs are absolutely the easiest class of bugs.