cduzz 9 hours ago
If the AI is awesome at identifying security bugs in the linux kernel, it likely can also identify if the thing it's found is similar to something that is already found in the security mailing list? Or, put another way -- what flags the duplicate? The filer or the system? If my cheese factory is measured by the volume of cheese instead of the quality, I'll churn out the cheese even if it's sloppy duplicated cheese. And that is the case if a person has to flag a new ticket as "same as this" or not. What's that law that says that any sufficiently large problem turns into a moderation problem?
crote 9 hours ago
The problem is that the tech companies are paying their research/marketing departments for headlines that go "Researcher uses powerful new Saga 6.2 release to find 597 kernel vulnerabilities! (Can your company afford NOT getting their $1000/month subscription?)", not for headlines that go "Researcher spends $50.000 to find 597 bugs, then spends $25.000 figuring out 540 of them are duplicates". Unless the kernel community starts banning & publicly shaming repeat offenders, there's zero incentive for them to put any effort in filtering out duplicates. They are mostly doing it for marketing after all, not out of a genuine interest in making the kernel better.
fiedzia 8 hours ago
> it likely can also identify if the thing it's found is similar to something that is already found in the security mailing list?

It cannot because this mailing list is not public.
flumes_whims_ 8 hours ago
> “AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved – and only makes that duplication worse because the reporters can't even see each other's reports.”