sanitation@lemmy.radio to Technology@lemmy.worldEnglish · 2 days agoLinus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’www.theregister.comexternal-linkmessage-square79linkfedilinkarrow-up1427arrow-down16cross-posted to: pcmasterrace@lemmy.world
arrow-up1421arrow-down1external-linkLinus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’www.theregister.comsanitation@lemmy.radio to Technology@lemmy.worldEnglish · 2 days agomessage-square79linkfedilinkcross-posted to: pcmasterrace@lemmy.world
minus-squarefruitycoder@sh.itjust.workslinkfedilinkEnglisharrow-up1·10 hours agoIf a public tool can find a CVE in minutes to hours, it doesn’t matter if some of the people using signed an NDA. All it takes is someone how isn’t going to report it to also find and exploit it So the exploitation window doesn’t start when it is reported it started at when the tool could have found it
minus-squarereksas@sopuli.xyzlinkfedilinkEnglisharrow-up1·8 hours agollm sure have made world more shitty place…
minus-squarefruitycoder@sh.itjust.workslinkfedilinkEnglisharrow-up1·4 hours agoI mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .
If a public tool can find a CVE in minutes to hours, it doesn’t matter if some of the people using signed an NDA.
All it takes is someone how isn’t going to report it to also find and exploit it
So the exploitation window doesn’t start when it is reported it started at when the tool could have found it
llm sure have made world more shitty place…
I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .