Vulnerability reports are a voluntary service to help a vendor or software project. It’s often an annoyance for the security researcher. I understand people are getting slammed and it sucks, but the main result of rejecting them is going to be an increase in full disclosure. As a note: if you have a bug (that isn’t devastating but you’d like to talk about), having an LLM write up the disclosure is a great way to check the “we disclosed responsibly and they didn’t care” box.

> I understand people are getting slammed and it sucks, but the main result of rejecting them is going to be an increase in full disclosure.

Right, what I'm saying is that letting those bugs go to full disclosure (aka being filed as public issues, like every other bug) would have been significant damage to user safety a year ago, and it's not anymore.

I think that’s an assumption. Just because an LLM might be able to find some bugs does not mean every attacker has a packaged attack, or the right prompting. The easiest way to find a vuln is just to Google for it.