Opensource

1524 readers

179 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 1 year ago

MODERATORS

pylapp

Fake AI Buffer Overflow Risk in Curl report (hackerone.com)

submitted 1 week ago by [email protected] to c/opensource

12 comments fedilink hide all child comments

Now, with the help of AI, it's even easier to waste time of open source developers by creating fake security vulnerability reports.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 1 week ago (2 children)

Man, why would you do this type of shit with a username that's easily linked back to your real name and business ventures? I found this person's GitHub profile, LinkedIn page, current employer, and a link to some sort of startup business page just by doing a simple search for their very public username: https://webug.xyz

Several people over at Hackernews have posted this same info because security people are curious. It's just baffling to me. If you're going to be a scumbag, you should at least try to distance yourself from it.

(also, wtf is that page of AI slop even trying so say? What the fuck is any of that for?)

[–] Kissaki 1 points 1 week ago

If it were a successful report they'd want the attribution, recognition, and publicity.

They didn't see the bad they were doing. I wonder if they see it now. Given their response, I doubt it.

load more comments (1 replies)