Jean-Baptiste Kempf
Speaker
Podcast Appearances
They provided very limited funding and they even went to the media first announcing how good their AI was before the issues could be fixed.
Yeah.
It's announcing how good their AI is, that they provided a standard 90-day industry deadline without really understanding the nature of volunteer-driven development.
In addition, this vulnerability was on an obscure 1990s game codec.
And let's look at it from their standpoint to begin with.
Yeah, sure.
They have substantial resources working on the security of open source projects that are ubiquitous.
And they've used a lot of compute to do that and very expensive and very capable security researchers to do that.
And that's their viewpoint is they are contributing by doing that.
But I think that's where...
Opinions differ.
It opened up a lot of interesting fissures, I would say.
It does seem that there's a portion of the security community that look at themselves a bit like building architects that never have to go to site.
Going to site is something that is a little bit beneath them, the actual day-to-day construction.
They're there to do their security things, and it's someone else's problem.
The security industry also kind of has... a very aggressive tone towards things.
The language they use is extremely aggressive.
They use very strong language like, you will get popped.
And to Joe Public, get popped, it means something quite bad.