SoylentNews is people

The I in LLM Stands for Intelligence

Accepted submission by canopic jug at 2024-01-02 14:51:39 from the even-if-you-fry-it-in-butter dept.
Security

Daniel Stenberg of cURL fame has written about the impact that fake, LLM-generated bug reports have on his project, cURL [daniel.haxx.se]. The main problem with LLM-generated bug reports is that they tend to be bunk while at the same time looking close enough to a real bug report that they end up wasting a lot of developer time which could have been spent triaging and addressing real bugs.

A security report can take away a developer from fixing a really annoying bug because a security issue is always more important than other bugs. If the report turned out to be crap, we did not improve security and we missed out time on fixing bugs or developing a new feature. Not to mention how it drains you on energy having to deal with rubbish.

Often wannabe security consultants will take the output of an LLM and modify it with their own language, thus intentionally or unintentionally obscuring some of the telltale warning signs of LLM-generated bunk.

Previously:
(2023) "cURL", the URL Code That Can, Marks 25 Years of Transfers [soylentnews.org]
(2023) Half of Curl's Security Vulnerabilities Due to C Mistakes [soylentnews.org]
(2020) curl up 2020 and Other Conferences Go Online Only [soylentnews.org]
(2018) Daniel Stenberg, Author of cURL and libcurl, Denied US Visit Again [soylentnews.org]

