| ▲ | rockdoe 6 hours ago | |
How many of those are false positives though? Probably just over 5000? You get bug bounties if you report the kind of bugs Mythos identified. There's a reason no-one collected bounties from the "5000 defects" Coverity identified. The Mythos reports have several examples of chaining a whole bunch of logic in different parts of the program together to exploit something very subtle. The Coverity reports aren't anything like that. These tools aren't remotely in the same league or even universe. | ||
| ▲ | IainIreland 5 hours ago | parent | next [-] | |
Yeah, fuzzing, sanitizers, and bug bounties were our main pre-AI tools for finding bugs. | ||
| ▲ | MetaverseClub 5 hours ago | parent | prev [-] | |
it's just sad that Coverity represents the best working C++ static analysis tool. | ||