3 points by majora2007 3 hours ago | 3 comments
  • Guestmodinfo 3 hours ago
    Is it possible to let AI analyze your messages and only show you the ones which don't contain certain keywords like "i will release vulnerability"?
    • majora2007 3 hours ago
      Well, these are well-written security vulnerabilities with reproduction steps. It's hard to tell if it's an AI discovering or a user using AI to find issues. But suddenly, I'm having an influx of issues, whereas for the past 5 years, I received maybe 5. Just this month, I've been hit with 5 low-effort vulnerabilities (all very small, unlikely to expose anything of value).

      But it's very hard to maintain these in addition to the release work.

      • samuelknight 2 hours ago
        If it has steps to reproduce, you give it to your coding agent to "fix [bug] using TDD". If it can't make a test, it wasn't reproducible.
  • mmarian 3 hours ago
    I don't have any big open source projects, but why not just ignore them?
    • majora2007 3 hours ago
      Because if there are valid ones, they may impact users... It's important to do due diligence (but this takes time to validate them).
      • mmarian 3 hours ago
        A lot of things seem important in software, but we need to prioritize and compromise based on resources available. Based on what you've said so far, it seems to me that this project isn't giving you enough resources to invest in this particular problem.

        That's the attitude I have with my software projects.

  • dubyabee2 3 hours ago
    Yes. It is across most categories of software and services.