Comment by cluckindan

1 day ago

Since this level of security "scanning" requires heaps of money, this is going to kill off a substantial part of F/OSS.

Keep in mind that Opus detected most of these vulnerabilities, it just didn’t exploit them (says so much in the article).

I’m honestly not convinced this is changing the landscape significantly. It’s simply a bit better at self-directing.

Well, maybe not... see Simon Willison's ongoing reporting [0] on all the bug reports for `curl` people are finding with LLMs.

Interesting to see them go from "DON'T GIVE US AI SLOP!" to "Wow, lots of actual bugs found, including [ed: at least one] bug found by two people!"

[0]: https://simonwillison.net/search/?q=curl

  • > Interesting to see them go from "DON'T GIVE US AI SLOP!" to "Wow, lots of actual bugs found, including [ed: at least one] bug found by two people!"

    Both of those things can be true.

  • curl is both very high-profile and very security-central though. A lot of people would happily pay $100 to tuck "found a curl vulnerability" under their belt. I'm not sure that's even true for, say, Notepad++, much less all the random FOSS projects with 1 maintainer and 50 stars whose names I've never thought about twice.