Comment by DoctorOetker
24 days ago
I think the commenter was referring to formal verification with "specification and validation": have the LLM emit formal proofs about invariants etc.
Currently the bugs are found by people who use LLMs but aren't the developers. As more projects start getting access to compute, they can run those LLM searches for bugs themselves, and can simply prevent shipping the bugs.
I'm surprised no one has tried making any statistical analysis of bug densities, and "bug authors" in an attempt to identify untrustworthy developers, regardless of intent. Given a dataset of authors and prior bugs, it may help find more bugs by tracking their pull requests with higher scrutiny...
Some people may end up with an eternal stain if they've been taking money to submit vulnerable code to code bases...