Comment by miki123211

16 hours ago

AI will shorten update windows dramatically. 2026 is the worst year to be thinking about dependency cooldowns, we need to think about dependency warmups instead.

Soon, there will be no such thing as a safe way to disclose a vulnerability in an open source project. Centralized SaaS will have a major security advantage here.

8 comments

miki123211

lll-o-lll 15 hours ago

Closed source centralized SaaS will have a major security advantage.

Edit: Because an RCE in a open-source dependency means you are just as vulnerable when the security patch lands? I don’t see the controversy.

woah 16 hours ago

You could have a web of trust where Linux-using organizations each spend $x continuously scanning and patching their own dependencies with AI, and sending each other patches and scans.

dakolli 13 hours ago
LLMs aren't capable of doing this, and never will be no matter what Anthropic tries tell you.
- a_vanderbilt 12 hours ago
  
  That's the same mindset some people had 3 years ago when they said AI wouldn't be capable of software development. Look where we are now.
  
  1 reply →
- fragmede 12 hours ago
  
  Mozilla seems to think it can.
  https://blog.mozilla.org/en/privacy-security/ai-security-zer...
  
  2 replies →