Slop security reports for open source
I've noticed a concerning trend of "slop security reports" being sent to open source projects, whether because of LLMs, spurious scanning results, or a lack of critical thinking from reporters. Here are thoughts about what platforms and maintainers can do to push back: