AI-generated code could be a disaster for the software supply chain. Here’s why.

You're currently viewing only sigmasirrus's posts.

sigmasirrus

Ars Scholae Palatinae
1,263
Oh, that's fascinating!

Best quote I heard on the subject was "Why are we using AI to create new problems instead of solving old problems?" and that, of course, is the heart of the matter. LLMs do not solve old problems.

I was wondering how the heck do you detect hallucinations, but I did not at all think of package names as an attack vector. How remarkably insidious! Of course, this has always been a problem with people dropping package names with typos and just waiting for someone to bite, but now your code copilot brings the exploit to you!

I wouldn't even know where I'd start with coding today, since you apparently need to understand supply chain first.

Only use well known, well established dependencies. Use as few as possible.
 
Upvote
2 (2 / 0)
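The two points above, that hallucinated or typo-like package names are a supply-chain vector and that the defence is to stick to a small set of vetted dependencies, can be turned into a simple pre-commit check. The following is an added example written for this page, not code from the poster or from any project discussed in the thread. It assumes PyPI-style package names (normalised as pip does, case-insensitively with `-`, `_` and `.` collapsed), a constructed allowlist of approved packages, and a constructed requirements file; the names and the 0.8 similarity threshold are illustrative choices.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: the dependencies a team has actually vetted.
# In practice this would be generated from a lockfile or an internal registry.
APPROVED_PACKAGES = {
    "requests", "numpy", "pandas", "cryptography", "pyyaml", "click", "flask",
}

# Constructed requirements file, the sort of thing an AI assistant might emit:
# one real dependency with a pin, one with odd casing, one near-miss of a real
# name, and one name that exists nowhere on the allowlist.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
PyYAML>=6          # casing differs from the allowlist entry
-r base.txt
reqeusts           # transposed letters: looks like 'requests'
pandas-helper-utils
"""

_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    # pip-style normalisation: lower-case, runs of '-', '_' and '.' become '-'
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return the normalised project names listed in a requirements file."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        match = _REQ_LINE.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def lookalike_of(name, approved, threshold=0.8):
    """Return the approved name this one most resembles, if it is close enough."""
    best, best_ratio = None, 0.0
    for candidate in sorted(approved):          # sorted for deterministic ties
        ratio = SequenceMatcher(None, name, candidate).ratio()
        if ratio > best_ratio:
            best, best_ratio = candidate, ratio
    return best if best_ratio >= threshold else None


def audit(text, approved=APPROVED_PACKAGES):
    """Classify every dependency as approved, a lookalike of one, or unknown."""
    approved_norm = {normalize(p) for p in approved}
    findings = {}
    for name in parse_requirements(text):
        if name in approved_norm:
            findings[name] = "approved"
        else:
            near = lookalike_of(name, approved_norm)
            findings[name] = f"lookalike of {near}" if near else "unknown"
    return findings


if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg:24} {verdict}")
```

Run as a commit hook, anything other than `approved` blocks the change until a human has confirmed the package is real and intended; a `lookalike` verdict is the case the post describes, where a near-miss name would otherwise be installed without anyone noticing.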