4/24/2026 at 4:37:04 AM
There was a double fronted marketing push by both organizations. That much is true and this makes me more skeptical of the message and how exactly it was framed.
If we just stick with c/c++ systems, pretty much every big enough project has a backlog of thousands of these things. Either simple like compiler warnings for uninitialized values or fancier tool verified off-by-one write errors that aren’t exploitable in practice. There are many real bad things in there, but they’re hidden in the backlog waiting for someone to triage them all.
Most orgs just look at that backlog and just accept it. It takes a pretty big $$$ investment to solve.
I would like to see someone do a big deep dive in the coming weeks.
by goalieca
4/24/2026 at 5:59:31 AM
Globally agreed except for the "harmless" bit. Hackers are good these days, and these apparently innocuous bugs can be exploited in creative ways.
by bestouff
4/24/2026 at 7:34:11 AM
Feel like LLMs' main use in these situations would be to work through these essentially nothing-burger issues? If they're essentially just time consuming to solve, rather than problematic, they should be fairly trivial for them to hopefully solve reliably enough right? I'm very doubtful on AI for actual issues a lot of times, but in my experience, it rarely finds bigger issues from scratch without a lot of extra context such as some hints towards what and where the issue is, and essentially full context explaining any relevant parts to it. However I do find that it often finds minor issues when the context is small and contained, or as mentioned when it knows what the issue is, and the solution is simple.
I'm sure there's already plenty of work towards these things, but do bigger code bases completely shut out AI right now, due to the extreme amount of unsolicited PRs they get from AIs? I'd imagine if they were coordinated and structured properly on these things, they'd be more likely to be seen as an acceptable thing? I'm just spitballing, never worked on any real open source project, especially one where there's thousands if not millions of users and several issues every day, so my view on AI usage in these are mostly just from some instances where they ban all AI PRs and stuff like that because they are often really bad.
by licorices