GitHub user garydgregory added a comment to the discussion: Addressing AI-slop in security reports
My idea FWIW in the YWH case is that such a program IMO pays to have us do the research (and fixes) for the reports that come through them. They can pay the reporter if the report is valid. This forces the program (like YWH) to be more than a dumb funnel (from our perspective).

GitHub link: https://github.com/apache/logging-log4j2/discussions/4052#discussioncomment-15948540
