
“the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.”
“People spend all their time just forwarding things to the right people or saying 'that was already fixed a week/month ago' and pointing to the public discussion,” Torvalds complained.
“AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can't even see each other's reports.”
“AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.”
The Linux kernel security mailing list has become almost entirely unmanageable due to multiple researchers using AI tools to find the same bugs and submitting duplicate reports. Kernel maintainers spend time forwarding reports or responding that issues were already fixed, often pointing to prior public discussion. AI-detected bugs are generally not secret, so handling them on private lists wastes time and increases duplication because reporters cannot see each other’s submissions. AI tools are considered useful only when they improve outcomes rather than create unnecessary work. If a bug is found using AI tools, someone else likely found it too, so reporting should be handled in a way that reduces duplication and improves the overall experience.
Read at theregister