Google will not accept AI-generated submissions to a program it funded to find bugs in open-source software. However, it is contributing to a separate program that uses AI to strengthen security in open-source code.
The Google Open Source Software Vulnerability Reward Program team is increasingly concerned about the low quality of some AI-generated bug submissions, with many including hallucinations about how a vulnerability could be triggered or reporting bugs with little security impact.
“To ensure our triage teams can focus on the most critical threats, we will now require higher-quality proof (like OSS-Fuzz reproduction or a merged patch) for certain tiers to filter out low-quality reports and allow us to focus on real-world impact,” Google wrote in a blog post.



