
Posted by goranmoomin 13 hours ago

Vulnerability reports are not special anymore (words.filippo.io)
298 points | 165 comments | page 5
zeveb 11 hours ago|
> If a security vulnerability is reported by someone who is also violating the CoC, what do you do? Do you ignore it? Fix it silently?

Is this even a question? You triage and fix the vulnerability just like any other one. Are truths spoken by folks one dislikes — even for perfectly valid reasons — any less true?

The only way I can imagine this somehow applying is if someone has a habit of reporting vulnerabilities which do not exist, or of exaggerating their severity. Is crying wolf a CoC violation? If so, then I can imagine that particular sort of bad behaviour justifying some consideration before acting on a report.

fragmede 10 hours ago||
How badly are they violating the code of conduct? It wouldn't be the first time a security researcher got thrown into prison or jail, in this line of work.
calvinmorrison 11 hours ago||
Will xorg backport patches from Xlibre?
inigyou 8 hours ago||
No, because xorg is a dead project that doesn't take any patches from anywhere and xlibre has shit code quality and is probably vibecoded now
_el1s7 5 hours ago||
> LLMs are as good as almost any security researcher, and anyone can run them.

What is this, rage bait? It's bullshit, and insulting to actual security researchers.

That might be true for low-effort vulnerabilities and fake security researchers, but the real security researchers are far from being replaced by LLMs.

jamesjhare 8 hours ago||
"LLMs are as good as almost any security researcher"

No they are not. Everything else can be safely ignored. The author is suffering from AI psychosis and needs to get some help.

_el1s7 4 hours ago||
Everyone here is, apparently; that's why you're getting downvoted.
jybuilds 5 hours ago|
I agree. According to a security engineer I know, the impact of mythos is enormous.