Hacker Neue

Preferences
Retr0id parent
It's going to be fun if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern. That'll be a lot harder to remediate than "Update dependency xyz"
MangoToupe
> if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern

how do you distinguish this from injecting a vulnerable dependency to a dependency list?

Retr0id OP
You can more easily check for known-vulnerable dependencies
MangoToupe
Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.
Retr0id OP
I'm not thinking about deliberately embedded vulnerabilities, just accidental/emergent ones. The modern equivalent of devs copy-pasting stackoverflow answers that happen to contain SQL injection vulns.
MangoToupe
Does the distinction make any difference?
Retr0id OP
Yes, you'd take different actions to avoid each.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal