pull down to refresh

The last part with being noticed by autist for 0.5s startup delay is killing 🤣
reply
Something not priced in to opensource security is AI reviewing code for potential vulnerabilities. It's not perfect of course, but it can call for more expert review by identifying suspicious practices in code or simply labeling a library as sus
Recently added our repos to socket to monitor our npm based supply chain for deps, and it's pretty awesome. Will be even more awesome when there are several others available
reply
If you applied such an AI bot to the XZ backdoor and it found it (without including it in your dataset of course) I'd be more enthusiastic. The degree of code obfuscation with this was pretty high to be fair.
reply
This actually would be an interesting experiment.
Did somebody try to test whether running copilot or any other source code AI tool will identify it as a vulnerability?
reply
Yea it was buried really good, but that will also result in automating new kinds of tests
reply
I look forward to it.
reply
Well with the caveat that they might have done/are attempting both top panel and bottom panel
reply
Looks like that page that link connects to has been .. removed
reply
deleted by author
reply