Facebook with Latestnigeriannews  Twieet with latestnigeriannews  RSS Page Feed
Home  |  All Headlines  |  Punch  |  Thisday  |  Daily Sun  |  Vanguard   |  Guardian  |  The Nation  |  Daily Times  |  Daily Trust  |  Daily Independent
World  |  Sports  |  Technology  |  Entertainment  |  Business  |  Politics  |  Tribune  |  Leadership  |  National Mirror  |  BusinessDay  |  More Channels...

Viewing Mode:

Archive:

  1.     Tool Tips    
  2.    Collapsible   
  3.    Collapsed     
Click to view all Entertainment headlines today

Click to view all Sports headlines today

AI-Assisted Bug Reports Are Seriously Annoying For Developers

Published by Slashdot on Fri, 05 Jan 2024


Generative AI models like Google Bard and GitHub Copilot are increasingly being used in various industries, but users often overlook their limitations, leading to serious errors and inefficiencies. Daniel Stenberg of curl and libcurl highlights a specific problem of AI-generated security reports: when reports are made to look better and to appear to have a point, it takes a longer time to research and eventually discard it. "Every security report has to have a human spend time to look at it and assess what it means," adds Stenberg. "The better the crap, the longer time and the more energy we have to spend on the report until we close it." The Register reports: The curl project offers a bug bounty to security researchers who find and report legitimate vulnerabilities. According to Stenberg, the program has paid out over $70,000 in rewards to date. Of 415 vulnerability reports received, 64 have been confirmed as security flaws and 77 have been deemed informative -- bugs without obvious security implications. So about 66 percent of the reports have been invalid. The issue for Stenberg is that these reports still need to be investigated and that takes developer time. And while those submitting bug reports have begun using AI tools to accelerate the process of finding supposed bugs and writing up reports, those reviewing bug reports still rely on human review. The result of this asymmetry is more plausible-sounding reports, because chatbot models can produce detailed, readable text without regard to accuracy. As Stenberg puts it, AI produces better crap. "A crap report does not help the project at all. It instead takes away developer time and energy from something productive. Partly because security work is considered one of the most important areas so it tends to trump almost everything else." As examples, he cites two reports submitted to HackerOne, a vulnerability reporting community. One claimed to describe Curl CVE-2023-38545 prior to actual disclosure. But Stenberg had to post to the forum to make clear that the bug report was bogus. He said that the report, produced with the help of Google Bard, "reeks of typical AI style hallucinations: it mixes and matches facts and details from old security issues, creating and making up something new that has no connection with reality." [...] Stenberg readily acknowledges that AI assistance can be genuinely helpful. But he argues that having a human in the loop makes the use and outcome of AI tools much better. Even so, he expects the ease and utility of these tools, coupled with the financial incentive of bug bounties, will lead to more shoddy LLM-generated security reports, to the detriment of those on the receiving end.Read more of this story at Slashdot.
Click here to read full news..

All Channels Nigerian Dailies: Punch  |  Vanguard   |  The Nation  |  Thisday  |  Daily Sun  |  Guardian  |  Daily Times  |  Daily Trust  |  Daily Independent  |   The Herald  |  Tribune  |  Leadership  |  National Mirror  |  BusinessDay  |  New Telegraph  |  Peoples Daily  |  Blueprint  |  Nigerian Pilot  |  Sahara Reporters  |  Premium Times  |  The Cable  |  PM News  |  APO Africa Newsroom

Categories Today: World  |  Sports  |  Technology  |  Entertainment  |  Business  |  Politics  |  Columns  |  All Headlines Today

Entertainment (Local): Linda Ikeji  |  Bella Naija  |  Tori  |  Daily News 24  |  Pulse  |  The NET  |  DailyPost  |  Information Nigeria  |  Gistlover  |  Lailas Blog  |  Miss Petite  |  Olufamous  |  Stella Dimoko Korkus Blog  |  Ynaija  |  All Entertainment News Today

Entertainment (World): TMZ  |  Daily Mail  |  Huffington Post

Sports: Goal  |  African Football  |  Bleacher Report  |  FTBpro  |  Kickoff  |  All Sports Headlines Today

Business & Finance: Nairametrics  |  Nigerian Tenders  |  Business Insider  |  Forbes  |  Entrepreneur  |  The Economist  |  BusinessTech  |  Financial Watch  |  BusinessDay  |  All Business News Headlines Today

Technology (Local): Techpoint  |  TechMoran  |  TechCity  |  Innovation Village  |  IT News Africa  |  Technology Times  |  Technext  |  Techcabal  |  All Technology News Headlines Today

Technology (World): Techcrunch  |  Techmeme  |  Slashdot  |  Wired  |  Hackers News  |  Engadget  |  Pocket Lint  |  The Verge

International Networks:   |  CNN  |  BBC  |  Al Jazeera  |  Yahoo

Forum:   |  Nairaland  |  Naij

Other Links: Home   |  Nigerian Jobs