reply on: Open Source AI Spam: Further Commentary \ stacker news ~devs

pull down to refresh

40 sats \ 2 replies \ @zuspotirko 10 May 2024 \ on: Open Source AI Spam: Further Commentary devs

arm them with common security vulnerabilities, and let them loose on code bases, opening issues and submiting patches

I agree this is a good idea. However, a lot of security gaps are introduced from unusual implementations, unusual requirements, unusual tech-baggage. Finding gaps in your average Java/Spring & Angular program are only scratching the surface

LLMs are finding use among developers who don't natively speak English

skill issue

Whether it's for the bug bounties, or for the social clout of getting accepted contributions to open source, the incentives to continue trying this spam will continue, and I don't see a great mitigation strategy for the code maintainers. Thus, I like to think of it as "spam" as in unwanted email.

That's a good point. Maybe needs some kind of proof that an automated issue submitter is actually competent and/or actually did put effort in

10 sats \ 1 reply \ @geeknik 10 May 2024

Psh. I never put any effort into bug bounties, my entire pipeline is automated from asset discovery to report submission. It's the best source of passive income I've found that never fails to deliver. Automation makes work feel like a paid vacation.

0 sats \ 0 replies \ @svemir 13 May 2024

This sounds intriguing. Are there places where you talk more about your pipeline?