← Back to context

Comment by 6thbit

13 hours ago

Now we have to wonder if they ran Mythos on their Calude source and it missed it or why they chose not to run it.

I do agree and wonder why that's not marked as security. In their security page [0] it says: > Since exploitability is not proven for many of the fixes we make, do not expect the relevant commit message to say "SECURITY FIX!".

Does that mean they considered it not to be exploitable?

[0] https://www.openbsd.org/security.html

1 comment

6thbit

Reply
eranation  13 hours ago

I really don't know, all I know is that usually when you find a critical vulnerability, and it's patched, it comes with a CVE, even a low one, that's the process for the past 27 years when the CVE program started (as old as the vulnerability itself it seems..) but maybe with AI-native, CVEs don't matter because everyone will just rewrite their clean room open source alternative (I wish this was a joke...)