tills13 5 days ago

> 97% acceptance rate

This concerns me given what I've seen generated by these tools. In 10? 5? 1? year(s) are we going to see an influx of CVEs or hiring of Senior+ level developers solely for the purpose of cleaning up these messes?

TheNewsIsHere 5 days ago

Insofar as CVEs issued for proprietary software, I would expect that the owning organization would not be inclined to blame AI code unless they think they can pass the buck.

But as for eventually having to hire senior developers to clean up the mess, I do expect that. Most organizations that think they can build and ship reliable products without human experts probably won’t be around long enough to be able to have actual CVEs issued. But larger organizations playing this game will eventually have to face some kind of reckoning.

falcor84 4 days ago

Looking at the other side of the coin, I'm hoping that the proliferation of unsafe code would lead to more investment in vulnerability testing tooling, and particularly in reducing false positives by generating potential exploits. Having better security testing would be a massive boon to the industry regardless of whether we use AI to write the code.

STELLANOVA 5 days ago

I am not really convinced that rate is higher without AI tooling. CVEs existed before AI tools with only humans generating code...

whywhywhywhy 5 days ago

Why would you need a human to fix it if you know what the CVE is?