Comment by simonw

Comment by simonw 2 days ago

You're posting this comment on a thread attached to an article where Filippo Valsorda - a noted cryptography expert - used these tools to track down gnarly bugs in Go cryptography code.

tptacek 2 days ago

They're also using "AI SAST tools", which: I would not expect anything branded as a "SAST" tool to find interesting bugs. SAST is a term of art for "pattern matching to a grocery list of specific bugs".

Reply View 1 reply

bgwalter 2 days ago

ZeroPath for example brands itself as "AI" SAST. I agree that these tools do not find anything interesting.

Reply View | 0 replies

delusional 2 days ago

These are not "gnarly bugs".

Reply View 2 replies

tptacek 2 days ago

They're not?

Reply View | 1 reply
- nmadden a day ago
  
  100% reproducible deterministic bugs are absolutely the easiest class of bugs.
  
  Reply View | 0 replies