No, Finding Security Bugs Takes Time and Care (Human Touch, Real Grasp of Real Code)
Now they say their bug-reporting slop is so dangerous that they cannot even let us look at it!

Remember that for hype's sake the snake-oil peddlers can even take many bugs found by actual people (salaried by them) and falsely attribute the discoveries to the sloppy snake-oil they're attempting to sell (like hiring low-paid African men to pretend to be "AI girlfriends" or hiring in India to do jobs remotely while pretending to be "AI" "agents", subsidised by Microsoft).
Last week Akira Urushibata told me about what I deemed to be a PR stunt or marketing campaign ("too dangerous to release!" clickbait/alarmism) from a malicious company that engages in plagiarism, militarism, and burning the planet with funding from GAFAM (Amazon/Bezos). Shortly afterwards he (Urushibata) posted something similar to this mailing list and the moderator took 4 days to approve the message. Urushibata previously complained to me that not only did his messages take a long time to approve; sometimes they were denied (canned) entirely.
I spoke to an associate about this and he said: "That is unsatisfactory engagement. List moderation is not a new task, it is a solved problem. Thus I interpret the misadventures we see at LibrePlanet as an intentional action to harm the community passively."
While I don't share those (private but anonymised) views/interpretations, it does bother me that LibrePlanet is too slow in moderation and it's not clear if it needs any moderation at all. Years ago we wrote several long articles about how the moderation blocked questions about Ukraine and Russia. As if a ***tstorm would certainly ensue. Come on, we're all grown-ups in that mailing-list, aren't we?
To avoid naming the company or the hype ("products") I'll just add a screenshot below with some annotation: (we've mostly omitted links from Daily Links if they spoke about it; we try not to unwittingly participate in the hype)

Remember that they told us (in 2022) that LLM chatbots were "intelligence" or "intelligent". Then we ended up hearing about suicides, chatbots telling people to kill other people, folks getting fictional medical "advice" (sometimes fatal), and eventually the leading booster of these chatbots, Microsoft, admitted those were not "intelligence" but "entertainment".
From what I've read (but have mostly refrained from adding to Daily Links), those stupid programs from this very stupid company found bugs in very, very old software (that nobody even uses anymore, especially old versions or code for very old hardware which no longer exists) and it boils down to a lot of hype (like the age of the bugs) but not much about quantity sans cherry-picking, quality (false positives matter; the signal-to-noise ratio inhibits productivity, Daniel from curl ranted a lot about this!), or substantial damage/risk.
As usual, as so much of today's "mainstream" media shamelessly takes bribes from these lying, scammy, scummy companies, it has made it sound like an Earth-shattering event without giving us access to assess the veracity of (marketing) claims.
This too shall pass. █
