ok123456 2 hours ago

Pretty unimpressive as security vulnerabilities. It would be better to just say these are simple bugs for the most part.

unnouinceput 2 hours ago | parent [-]

All vulnerabilities are just bugs.

GTP 2 hours ago | parent | next [-]

Vulns are a subset of bugs. What the above commenter is saying is that some bugs don't belong to this category.

stonogo 2 hours ago | parent | prev [-]

But not the other way around, which makes them different.

void-star 33 minutes ago | parent [-]

Actually, Mudge of the L0pht (and later DARPA) once famously made the claim that all bugs are security issues waiting to be exploited in some way (I’m probably paraphrasing). I kind of agree. Although, the bugs on this dump are indeed mostly pretty lame, which is exactly what I’ve seen you get a lot of when you let an LLM go bug hunting with no human vetting and confirmation in the loop.

It’s possible/likely that whoever is running this experiment is keeping the non-slop bugs to themselves. It’s probably what I’d do.

stonogo 9 minutes ago | parent [-]

Such claims can both be true and pointless. For those of us who have to decide what actions to take, there is a point in differentiating between bugs and vulnerabilities, and breathlessly proclaiming "we found a vulnerability but we don't have an exploitation vector or proof that there's a meaningful security consequence" is annoying and likely to get the proclaimer ignored in the future.