MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
reports
Search

Open Source Maintainers Are Drowning in Junk Bug Reports Written By AI

Wednesday December 11, 2024. 02:00 AM , from Slashdot
Open Source Maintainers Are Drowning in Junk Bug Reports Written By AI
An anonymous reader shares a report: Software vulnerability submissions generated by AI models have ushered in a 'new era of slop security reports for open source' -- and the devs maintaining these projects wish bug hunters would rely less on results produced by machine learning assistants. Seth Larson, security developer-in-residence at the Python Software Foundation, raised the issue in a blog post last week, urging those reporting bugs not to use AI systems for bug hunting.

'Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects,' he wrote, pointing to similar findings from the Curl project in January. 'These reports appear at first glance to be potentially legitimate and thus require time to refute.' Larson argued that low-quality reports should be treated as if they're malicious.

As if to underscore the persistence of these concerns, a Curl project bug report posted on December 8 shows that nearly a year after maintainer Daniel Stenberg raised the issue, he's still confronted by 'AI slop' -- and wasting his time arguing with a bug submitter who may be partially or entirely automated.

Read more of this story at Slashdot.
Read more at Slashdot
https://developers.slashdot.org/story/24/12/10/2334221/open-source-maintainers-are-drowning-in-junk-...

Related News

reports Go eclipses Node.js in web API requests, Cloudflare reports InfoWorldDec 11
bug NBC reports UHC killer once played a party game BoingBoingDec 10
open Open source maintainers are drowning in junk bug reports written by AI TheRegisterDec 10
security Cloudflare Radar Year in Review 2024: big source of traffic is AI crawlers ComputerWorldDec 10
source Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket TheRegisterDec 9
issue Bose's Wacky Open Earbuds Won Over My Reluctant Heart Wired: Tech.Dec 9
low-quality Slashdot's Interview with Bruce Perens: How He Hopes to Help 'Post Open' Developers Get Paid SlashdotDec 9
are Vanir: open-source security patch validation OS NewsDec 6
projects The New York City Sign Museum, now open for tours BoingBoingDec 6
time Ask Bruce Perens Your Questions About How He Hopes to Get Open Source Developers Paid SlashdotDec 5
larson New study highlights the ongoing importance of open source BetaNewsDec 4
these Major energy contractor reports 'limited' access to IT after ransomware locks files TheRegisterDec 3
raised Watch raccoons try to open a door BoingBoingDec 3
curl Open-washing and the illusion of AI openness InfoWorldDec 3
written Company Claims 1,000% Price Hike Drove It From VMware To Open Source Rival SlashdotDec 2
reports ProPublica reports Texas' abortion ban has killed another woman BoingBoingDec 2
bug Open source supply chain faces security issues BetaNewsDec 2
open Bluesky's Open API Means Anyone Can Scrape Your Data for AI Training. It's All Public SlashdotDec 2
security NetAdmin learns that wooden chocks, unlike swipe cards, open doors when networks can't TheRegisterDec 2
source Claims of 'open' AIs are often open lies, research argues TheRegisterDec 2
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Dec, Thu 12 - 03:06 CET