cross-posted from: https://lemmy.zip/post/64538696
Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’
What you’re forgetting is that many – if not most – of these vulnerabilities/exploits are bullshit in the first place. Either very niche situations that are extremely unlikely to happen in real life or outright hallucinations.
A few of them are legitimate security concerns, sure, but the vast majority are either low priority or a complete waste of time. And the same goes for the hackers trying to find ways in – the vast majority of the exploits they discover this way won’t actually work, or will only affect a tiny minority of Linux systems that are using obscure and/or obsolete protocols. So it’s not quite the ‘nukes’ from your hyperbole.
Okay let’s say what you said is 100% right. How are you going to filter them or restrict them? OC said using a video interview. Who’s gonna conduct the interview? Who will pay the interviewer? How can we verify the answers that the interviewee gives are not AI generated? Wouldn’t reviewing the reports and the contributions instead be faster, even if most of them are wrong?
You want a real solution?
It costs $10 for an un-vetted reporter to submit a bug report. If the developers review the bug report and find it to be valid and helpful, you get your $10 refunded and you’re added to the list of vetted reporters who can submit bug reports for free. If not, the foundation keeps the $10 and uses it to help pay the salaries of people who have to review these bug reports.
Sounds viable tbh.