Linus Torvalds: "Senseless back and forth" over AI-found vulnerabilities

Linux creator Linus Torvalds doesn't think AI tools for security are bad, but criticizes the current handling of vulnerabilities.

In his weekly update on Linux kernel development, Linus Torvalds this time also commented on the flood of security vulnerabilities found by AI tools. The inventor of Linux, who describes himself as often “blunt”, does not complain that so many vulnerabilities are currently being found. However, he considers the handling of the findings and how they are published to be problematic.

On the one hand, there are numerous duplicates, which is in the nature of the matter: if someone finds a vulnerability with an AI tool, someone else can do so too. Such findings are “by definition not a secret”, writes Torvalds. Therefore, they should not be immediately forwarded to the responsible people in the community, but only checked to see whether the vulnerability has perhaps already been closed. The security mailing list is “almost completely unmanageable” due to the many duplicates and the discussions about them.

The handling of vulnerabilities on private lists is even worse. This only leads to a “senseless back and forth” – precisely because the former secret is no longer a secret due to the existence of an AI tool that can find it. One should not submit more senseless reports, but rather a patch for the found vulnerability, Torvalds believes. “AI tools are great,” writes the developer. But if you use them, you have to do more than just that. You have to “contribute real added value, in addition to what the AI has done,” demands Torvalds.

(nie)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.