Comment by functional_dev

6 days ago

Agreed, attackers can use these AI tools to scan open source code and find bugs very fast... if project maintainers do not have access to such tools, it becomes an unfair fight

Exactly. The rate of acceptance right now is low. Maybe less than 10%, and most will not be relevant. Also, if they can use it to categorise, validate and test it, why not? If they have 100 new bugs, but all the useless ones are already checked and closed, life would be almost normal again.

Using an LLM for things that require knowledge is sketchy and unreliable, but having fixed pipeline checks that run a few hooks, maybe some automated scripts, add context, link bugs, create clear versions of the conversation... That's ok!

We see many companies stumbling on the LLM problems when the code gets too big or too messy, and that will be it, imho. But using those tools for small quick gains is here to stay.