High Quality chaos (a slide from a talk I do next week on this topic)
Wireshark: more than 40 CVEs in the last release ...
@bagder why do you think they have so many vulnerabilities? Is it the broad application scope or the number of developers?... Or something else?
@hellma because now we use AI to find the flaws and these tools find many more things we never found before. In all projects and products.
@bagder oh, I forgot about AI this morning. Thanks for reminding me about it
@bagder @hellma It would be interesting to compare the total amount of money put into searching for these bugs with AI vs. the total amount of money spent on searching for bugs by professionals. Bug bounties excluded - that is another model.
Also, it will probably be harder (more expensive) to find bugs in the next iteration.
It's not a matter of whether X can improve security. It's a matter of how much it'll cost.
Most of them are not serious. But the AI hype must proceed.
No word from Google regarding Android?
@bagder
> Firefox fixes 271 vulnerabilities
so like I'm a noob, but
I remember Firefox getting a security fix every week or so, to the point I got desensitized to the security-announce mailing list of the distro I was using.
Does 271 more vulns make a big difference at that point?
@bagder wonder what the severity distribution is like; is there a similarly significant increase in high severity vulnerabilities?
@bagder Ah, looks like two scenarios 😊
One, big shops are desperate to show their name on record.
Second, they are fixing their self-introduced bugs....heck.
Bonus, these monkeys never learn to maintain open source...irks
Sigh....they are serious time-grabbers...meh
@bagder In your professional opinion (I have my own hypotheses), how much of that is due to AI *finding* CVEs and how much is due to AI *introducing* them in the first place? ^^
@ftranschel these tools find vulns in all code, but of course the worse the code is, the more problems they will find...