






















I've been on the receiving end of some of these. The basic problem is that the issues are legitimate but the presentation sorely lacking; the reporters have absolutely no idea what they're sending in, and are just dumping everything out with no filter. So often there will be a very real issue down there somewhere, but it's hard to get at.
Also, often a lot of people will report exactly the same bug, and when you say “no, this is a duplicate that was already fixed in revision NNNN”, they will have their LLM argue with you that it is a different one :-)
I will say that I absolutely have seen real reports that are obviously discovered with AI and partially written with it, but where a human was also strongly in the loop (i.e., there's seemingly been a significant amount of editing, not just raw AI output). These are generally about as good as other security reports in my experience.