| unnouinceput 2 hours ago |
| All vulnerabilities are just bugs. |
|
| GTP 2 hours ago |
| Vulns are a subset of bugs. What the above commenter is saying is that some bugs don't belong to this category. |
|
| stonogo 2 hours ago |
| But not the other way around, which makes them different. |
|
| void-star 35 minutes ago |
| Actually, Mudge of the l0pht (and later DARPA) once famously made the claim that all bugs are security issues waiting to be exploited in some way (I’m probably paraphrasing). I kind of agree. Although, the bugs on this dump are indeed mostly pretty lame, which is exactly what I’ve seen you get a lot of when you let an LLM go bug hunting with no human vetting and confirmation in the loop. It’s possible/likely that whoever is running this experiment is keeping the non-slop bugs to themselves. It’s probably what I’d do. |
|
| stonogo 11 minutes ago |
| Such claims can both be true and pointless. For those of us who have to decide what actions to take, there is a point in differentiating between bugs and vulnerabilities, and breathlessly proclaiming "we found a vulnerability but we don't have an exploitation vector or proof that there's a meaningful security consequence" is annoying and likely to get the proclaimer ignored in the future. |