reporting security issues
Is this not an advantage? If AI can find new security vulnerabilities reliably?
Comment on Gentoo Linux Begins Codeberg Migration In Moving Away From GitHub, Avoiding Copilot
ExLisper@lemmy.curiana.net 2 weeks agoI guess it’s about copilot scanning the code, submitting PRs, reporting security issues, doing code reviews and such.
Ladislawgrowlo@lemy.lol 2 weeks ago
gwl@lemmy.blahaj.zone 2 weeks ago
It cannot
jjagaimo@sh.itjust.works 2 weeks ago
It often makes up non existent vulnerabilities. I think it was curl getting flooded with fake vulnerability reports which drowns out real reports, esp because it can take time to parse through the code or run the poc
bananabread@lemmy.zip 2 weeks ago
Or it could introduce new ones :)
eronth@lemmy.world 2 weeks ago
Yeah, but you can have it scan without implementing.
sp3ctr4l@lemmy.dbzer0.com 2 weeks ago
Basically anywhere that LLMs are implemented… they are a security vulnerability, for any situation in which they are not sandboxed.
Anything they can interface with?
You can probably trick it or exploit it into doing something unintended or unexpected to anything else it is connected to.
Theoretically you could use an LLM to do something like come up with more accurate heuristics for identifying malware.
But… they’re nowhere near ‘intelligent’ enough to like, give it a whole code base for some kind of software, and thoroughly make that software 100% secure.
TheSeveralJourneysOfReemus@lemmy.world 2 weeks ago
Copilot is everywhere and inescapable on any m$ service.