Hacker News

rwmj yesterday at 10:48 PM

With the exploits, you can try them and they either work or they don't. An attacker is not especially interested in analysing why the successful ones work.

With the CVE reports some poor maintainer has to go through and triage them, which is far more work, and very asymmetrical because the reporters can generate their spam reports in volume while each one requires detailed analysis.


Replies

SchemaLoad yesterday at 10:56 PM

There have been several notable posts where maintainers found there was no bug at all, or the example code did not even call code from their project and had just found that running a Python script can do things on your computer. Entirely AI-generated issue reports and examples wasting maintainer time.

0xDEAFBEAD today at 5:15 AM

It can't be too long before Claude Code is capable of replication + triage + suggested fixes...

airza yesterday at 11:09 PM

All the attackers I’ve known are extremely, pathologically interested in understanding why their exploits work.
