Thoughts on LLMs and vulnerability disclosure

I was nodding along while reading this. Hard to ignore the legit security reports that an OSS project is getting these days regardless of how one feels about LLMs.

It is so hard to properly secure a project if everyone with a $20/mo subscription has a way to burn through the time limit you wanted to put on maintenance work. I see many others postponing feature work because of this.