Comment on Do you actually audit open source projects you download?
mobotsar@sh.itjust.works 2 weeks ago
I’m writing a paper on this, actually. Basically, it’s okay-ish at it, but has definite blind spots. The most promising route is to have AI use a traditional static analysis tool, rather than evaluate the code directly.
semperverus@lemmy.world 2 weeks ago
That seems to be the direction the industry is headed in. GHAzDO and competitors all seem to be converging on using AI as a force-multiplier on top of the existing solutions, and it works surprisingly well.