undefined | Better HN

0 pointsvidarh15d ago0 comments

Even if I was selling the model, which I am not, it still does not follow that you can judge that on a single run, given that no security researchers have found all of these bugs on their own in a short amount of time either.

0 comments

shakna14d ago

Okay, to respin this - Daniel doesn't say that curl is secure-enough. Half the point of the talks this year, is there has been an uptick in detecting security bugs, not a downturn. And here's some graphs. [0]

> Given the look of these graphs I don’t think we are close to zero bugs yet. These two curves do not seem to even start to fall yet.

If the author thinks there is more to find, then the soil probably isn't dry.

But, from the author's mouth:

> My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing. I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos. Maybe this model is a little bit better, but even if it is, it is not better to a degree that seems to make a significant dent in code analyzing. [1]

[0] https://daniel.haxx.se/blog/2026/04/30/approaching-zero-bugs...

[1] https://mastodon.social/@bagder/116554460442650929

j / k navigate · click thread line to collapse