
The hostility is not geared towards AI (they are just dumb tools), but towards sloppy and stupid reporters. AI is enabling those stupid reporters. The linked report basically says, in typical AI blathering (paraphrase), "you use strcpy(), strcpy() is known to cause buffer overflows if not bounds checked, thus you have buffer overflow bugs."

Obviously, the logic doesn't hold. Anyway, asked to provide a specific line in a specific module where strcpy() is not bounds checked, the response is "probably in curl.c near a call to strcpy()." That moved from sloppy to stupid pretty quickly, didn't it?

And there are dozens if not hundreds of these kinds of reports. Hostility towards the reporters (whether AI or not) is justified.


