Comment by chris_st

1 day ago

Well, maybe not... see Simon Willison's ongoing reporting [0] on all the bug reports for `curl` people are finding with LLMs.

Interesting to see them go from "DON'T GIVE US AI SLOP!" to "Wow, lots of actual bugs found, including [ed: at least one] bug found by two people!"

[0]: https://simonwillison.net/search/?q=curl

2 comments

chris_st

Reply
kelnos  21 hours ago

> Interesting to see them go from "DON'T GIVE US AI SLOP!" to "Wow, lots of actual bugs found, including [ed: at least one] bug found by two people!"

Both of those things can be true.

SpicyLemonZest  1 day ago

curl is both very high-profile and very security-central though. A lot of people would happily pay $100 to tuck "found a curl vulnerability" under their belt. I'm not sure that's even true for, say, Notepad++, much less all the random FOSS projects with 1 maintainer and 50 stars whose names I've never thought about twice.