Comment by x3n0ph3n3

12 hours ago

I disagree -- we're clearly getting better safeguards by way of AI agents to spot potential vulnerabilities!

The question is whether the current situation is a short burst of action, and once those most critical bugs get fixed the hype around AI vulnerability scanning will die down, or whether the current crop of system/infra software written in vulnerable languages like C is beyond redemption and will provide an endless source of critical bugs for AI to find until we fix them by rewriting them in Rust/Go/whatever.

  • An eternal summer of CVEs is upon us

    • Seems like those “rewrite in Rust” folks had a point after all (the viability of it for any number of projects being another thing entirely).

A better use of LLMs: To help translate the vast majority of C/C++ developers' output into memory-safe languages. :p

  • You're likely joking, but in case someone else misunderstands: this is not going to work. Rust with unsafe{} is the only thing you can translate directly to, even with LLMs. Rust with extensive unsafe{} is not something anyone wants to debug or maintain, and is near impossible to improve quickly.
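To make the point in the last reply concrete, here is an added illustration (not code posted by anyone in the thread): a small C-style byte-scanning loop translated into Rust two ways. The pointer-for-pointer translation has to sit inside `unsafe` because the compiler cannot see that the pointer and the separately passed length describe one valid buffer; the idiomatic version uses a slice, which carries its length with it, and needs no `unsafe` at all. The C function sketched in the comment and the sample input are constructed for this example.

```rust
// Added example: the same C loop rendered as mechanical unsafe Rust and as
// idiomatic safe Rust. The C original (constructed for illustration) is:
//
//     size_t count_byte(const unsigned char *buf, size_t len, unsigned char b) {
//         size_t n = 0;
//         for (const unsigned char *p = buf; p != buf + len; p++)
//             if (*p == b) n++;
//         return n;
//     }

/// Mechanical translation. Every dereference is `unsafe` because the
/// compiler cannot prove that `buf..buf+len` is a live allocation; the
/// caller still upholds C's invariants by hand, exactly as in C.
pub unsafe fn count_byte_mechanical(buf: *const u8, len: usize, b: u8) -> usize {
    // SAFETY (caller's obligation): `buf` must point to at least `len`
    // readable bytes. Nothing here checks that.
    unsafe {
        let mut n = 0usize;
        let mut p = buf;
        let end = buf.add(len);
        while p != end {
            if *p == b {
                n += 1;
            }
            p = p.add(1);
        }
        n
    }
}

/// Idiomatic translation. The slice carries its own length, so pointer and
/// length cannot drift apart, and the iterator never reads past the end.
pub fn count_byte_safe(buf: &[u8], b: u8) -> usize {
    buf.iter().filter(|&&x| x == b).count()
}

/// The safe shape also changes the failure mode: an out-of-range index
/// yields `None` instead of a read past the buffer, which is the class of
/// bug the thread is talking about.
pub fn byte_at_safe(buf: &[u8], i: usize) -> Option<u8> {
    buf.get(i).copied()
}

/// Runs both translations over constructed input and returns
/// (mechanical, safe) so their agreement can be checked.
pub fn compare_on_sample() -> (usize, usize) {
    // Constructed sample: a small HTTP-like request with three line endings.
    let sample: &[u8] = b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n";
    let mech = unsafe { count_byte_mechanical(sample.as_ptr(), sample.len(), b'\n') };
    let safe = count_byte_safe(sample, b'\n');
    (mech, safe)
}

fn main() {
    let (m, s) = compare_on_sample();
    println!("mechanical={m} safe={s}");
}
```

The two functions compute the same result on valid input; the difference is who guarantees validity. In the mechanical version that guarantee is a comment, as it was in C, which is why a mechanically translated code base ends up full of `unsafe` blocks that are no easier to audit than the original.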