
He'll be looking over his back/front/sides at anyone who approaches him with a long umbrella and closely examine any drink served to him for the rest of his life.

Plus he should plan on living on the ground floor of any building as recent Russians have had a habit of jumping from high buildings...


He deserves it. My guess is he demanded a piece of that 120M, didn’t get it, and leaked it to the press. My impression is police and FSB don’t get along too well in Russia, but both are equally corrupt.

I would have thought that getting rid of private (or semi-private) offices, the largest, most conspicuous "free popsicle", would have been the death knell for the old Microsoft - the beancounters are running the asylum now.

see https://www.geekwire.com/2019/microsoft-says-goodbye-past-de...

for a virtual walkthrough, see https://devblogs.microsoft.com/oldnewthing/20250708-00/?p=11...


The filesystem API was introduced in C++17.

I think it'll be a war of who has the better LLMs-as-security-scanner.

Ideally, you'd do a comprehensive all-source-code scan (and the LLM-scanner finds everything during those scans), and fix all the reported defects.

Afterwards, any dev that commits code will run the LLM-scanner on the modified code (and affected areas) and fix any reported defects.

So the black-hat hacker would be shut out unless they get access to an LLM-scanner with better analysis than what the target project is using.

Major LLM-scanners could give priority access for new versions of LLM-scanners to major projects to find any defects in the current source code before any other party could use the reported defects against the project or their users.

So black-hat hackers would be left with developing their own LLM-scanner better/more efficient than existing major LLM-scanners.

Given enough incentive, they might develop such a tool. Look at the market for zero-day vulnerabilities for smartphones, esp. iPhones.


The cheap, low-hanging "fruit" lint rules have been added to today's C/C++ compilers. But these rules can be fragile, depending on what level the static analysis scan occurs at - source-code-level textual pattern matching or use of an AST/parse tree.

Possible problems within a function should be discoverable.

This particular bug would be hard to discover for a typical linter unless it knew/remembered that there are two execution paths for cleanup of a given element.
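As an added illustration (constructed here, not the bug or code the comment refers to) of the "two cleanup paths for one element" shape: `process_buggy` releases the element on its early-error path and then again in the shared cleanup label, while `process_fixed` funnels every exit through a single release. The `releases` counter is a stand-in for a real free so the double release is observable instead of being undefined behaviour.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed resource wrapper: counts releases so a second release on the
 * same element can be detected at runtime rather than corrupting the heap. */
typedef struct {
    int value;
    int releases;   /* number of times release() was called on this element */
} element;

static void release(element *e) { e->releases++; }

/* Buggy shape: two execution paths both clean up `e`. The validation-failure
 * path releases, then jumps to the common cleanup, which releases again.
 * Line-by-line textual pattern matching sees one release per line and flags
 * nothing; only a path-sensitive (AST/CFG-based) check sees both on one path. */
int process_buggy(element *e, bool fail_validation) {
    int rc = 0;
    if (fail_validation) {
        release(e);          /* cleanup path #1 */
        rc = -1;
        goto out;
    }
    e->value *= 2;
out:
    release(e);              /* cleanup path #2: second release on the error path */
    return rc;
}

/* Fixed shape: a single cleanup path; every exit reaches `out` exactly once. */
int process_fixed(element *e, bool fail_validation) {
    int rc = 0;
    if (fail_validation) {
        rc = -1;
        goto out;
    }
    e->value *= 2;
out:
    release(e);
    return rc;
}

/* How many releases the element received after a call that fails validation:
 * the buggy version yields 2, the fixed version 1. */
int releases_on_error(int (*fn)(element *, bool)) {
    element e = { .value = 21, .releases = 0 };
    fn(&e, true);
    return e.releases;
}

/* Value left in the element after a successful call (both versions: 42). */
int value_on_success(int (*fn)(element *, bool)) {
    element e = { .value = 21, .releases = 0 };
    return fn(&e, false) == 0 ? e.value : -1;
}
```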


Coverity scans several open source projects for free. See https://scan.coverity.com/faq and https://scan.coverity.com/projects

See https://scan.coverity.com/projects/linux for the Linux-specific scan results - you need to create an account to view the reported defects.

These past couple of weeks aren't a good look for them with the releases of defects found in Linux and Firefox.


Coverity (similar to lint) scans various open source software products for vulnerabilities.

See https://www.blackduck.com/static-analysis-tools-sast/coverit...

And for Firefox-related alleged defects, see https://scan.coverity.com/projects/firefox

You have to create an account to view the actual reported defects.

There are just over 5000 reported defects still outstanding. I don't know how many overlap with the reported 271 Mythos-reported defects.


How many of those are false positives though? Probably just over 5000?

You get bug bounties if you report the kind of bugs Mythos identified. There's a reason no-one collected bounties from the "5000 defects" Coverity identified.

The Mythos reports have several examples of chaining a whole bunch of logic in different parts of the program together to exploit something very subtle. The Coverity reports aren't anything like that. These tools aren't remotely in the same league or even universe.


Yeah, fuzzing, sanitizers, and bug bounties were our main pre-AI tools for finding bugs.

It's just sad that Coverity represents the best working C++ static analysis tool.

There's also PVS-Studio. They also scan open source projects - see https://pvs-studio.com/en/blog/inspections/

It's hard to convince managers to spend money on static analysis tools (or any development tool).

Unless your company just got bad publicity for a bug and your devs come to you and demonstrate that a certain static analysis tool would have flagged that particular piece of code, most managers would let the beancounter-facet dominate the decision making process.


The best general purpose one, anyway. Specialty tools can be much better for their niches. Heck, compiler warnings are one such niche tool, and some of them are quite good.

Firefox developers do fix issues found by Coverity. I haven't looked at the results in over a decade, but the last time I did there were a few code patterns we used in a lot of places which Coverity didn't like (but were actually okay the way we were doing them) which resulted in a colossal number of false positives.

Not sure of the case that the parent refers to, but there's a good reason that CTRL-F in the Win95/Exchange Mail client and Outlook will invoke the Forward email message command.

It goes back to what the common action is that the user would perform in the app. Forwarding an email is more common than finding text in an email - at least to Billg.

See https://devblogs.microsoft.com/oldnewthing/20140715-00/?p=50...


Typically, trademark names that can be mistaken for another trademark in the same category are not allowed.

Ironically, like "notepad". I always find it odd how infringers feel ownership and get defensive about their infringement. Like release groups getting pissy about people reposting/renaming their releases.

Windows Notepad isn't a standalone product, but a Windows feature that has its title localized into every language as part of Windows, none of which are registered as a trademark.

And should it be considered a commercial product, Notepad alone is too generic so the trademark would probably be Windows/Microsoft Notepad, just like products named Something-Office both predate and followed Microsoft Office.


Fueling strategies for the top 3 male runners at the 2026 London Marathon:

Sabastian Sawe: https://x.com/CitiusMag/status/2048471733636636730

Yomif Kejelcha: https://x.com/ChrisChavez/status/2048788130208092204

Jacob Kiplimo: https://x.com/ChrisChavez/status/2048544289743950320

