Comment by 42lux
You are on hackernews. It’s curiosity not only about the flaw in their system but also how they as a system react to the flaw. Tells you a lot about companies you can later avoid when recruiters knock or you send out resumes.
You are on hackernews. It’s curiosity not only about the flaw in their system but also how they as a system react to the flaw. Tells you a lot about companies you can later avoid when recruiters knock or you send out resumes.
> I know I am on HN. Curiosity is one thing, investigating issues for free for a rich company is another.
The vulnerability https://github.com/bf/security-advisories/blob/main/2025-01-... targets other sites than OpenAI. OpenAI's crawler is rather the instrument of the crime for the attack.
Since this "just" leads to a potential reputation damage for OpenAI (and OpenAI's reputation is by now bad), and the victims are operators of other websites, I can see why OpenAI sees no urgency for fixing this bug.
I know I am on HN. Curiosity is one thing, investigating issues for free for a rich company is another. The former makes sense to me. The latter not as much, when we live in a world with all sorts of problems that are available to be solved.
I think judging the future state of a company based on its present state is not really fair or reliable especially as the period between the two states gets wider. Culture change (see Google), CxOs leave (OpenAI) and the board changes over time.