I sure hope this effort has requirements for bug report quality, and funds human developers to work on actual fixes.
If not, there’s a risk of further drowning projects with sloppy bug reports.
The announcement explicitly mentions increased coordination between companies scanning OSS code with AI to avoid duplicating effort and bug reports. That’s definitely a good goal.
I think the idea is to pay these people to deduplicate and verify vulnerability reports, so the responsibility doesn’t fall on every maintainer to do that same process individually, so they can focus on fixing the real bugs.