cross-posted from: https://lemmy.zip/post/64538696

Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’

  • disorderly@lemmy.world · 12 days ago

    If this really is the token burn future that the AI bros want, then why does it seem like such a disorganized, leaderless clusterfuck? Why has no one developed the “AI-native vulnerability reporting framework” to not destroy the most critical projects in FOSS?

    It all seems terribly shortsighted. If Linux is affected, then a hundred other projects are on the ropes.

    • maegul (he/they)@lemmy.ml · 12 days ago

      Yeah, I fear for the future of open source. There may be some asymmetries built into LLM tech and its uses that simply undercut the FOSS system as we know it.

        • maegul (he/they)@lemmy.ml · 11 days ago

          Basically, yeah. Sometimes BS is right enough to find a vulnerability, but rarely good enough to patch it, kind of like finding a small leak compared to welding metal over it to cover it.

      • RobertoOberto@sh.itjust.works · 11 days ago

        They don’t even have to be intentionally built in. Anything that generates unnecessary work for FOSS volunteers is a win for proprietary software companies.

        Even an easy-to-use and well-built tool that produces good results would result in mailing list and bug report noise simply because people like to contribute. If we set aside those who are just trying to pad their resume with open source contributions and bad actors trying to disrupt FOSS projects, we’re still left with a lot of well-intentioned, mostly inexperienced devs generating duplicate and/or invalid reports and requests.

        Since the current state of AI tools certainly does not produce consistently good results, I don’t think organizations that are hostile to FOSS projects actually need to do anything at all for them to be disruptive. Just make their shitty tools accessible and other people will significantly contribute to maintainer burnout without even intending to.