mikestorrent 15 hours ago

> a code smell

Smells are changing, friend. Now, when I see a program with 20000 library dependencies that I have to feed into a SAST and SCA system and continually point-version-bump and rebuild, it smells a hell of a lot worse to me than something self-contained. At this point, I feel like I can protect the latter from being exploited better than the former.
JoshTriplett 7 hours ago

> At this point, I feel like I can protect the latter from being exploited better than the former.

I expect that your future CVEs will say otherwise. People outside your organization have seen those library dependencies, and can update them when they discover bugs or security issues, and you can automatically audit a codebase to make sure it's using a secure version of each dependency. Bespoke AI-generated code will have bespoke bugs and bespoke security issues.