| ▲ | cm2187 7 hours ago | ||||||||||||||||
> Closed source software won't receive any reports, but it will be exploited with AI How so? AI won't have access to the source code. In some cases AI may have access to deployed binaries (if your business deploys binaries) but I am not aware that it has the same capabilities against compiled code than source code. But in a SAAS world, all AI has access to is your API. It might be still be up to no good but surely you will be several orders of magnitude less exposed than with access to source code. | |||||||||||||||||
| ▲ | geoffschmidt 7 hours ago | parent | next [-] | ||||||||||||||||
Claude is already shockingly good at reverse engineering. Try it – it's really a step change. It has infinite patience which was always the limited resource in decompiling/deobfuscating most software. | |||||||||||||||||
| |||||||||||||||||
| ▲ | advael 5 hours ago | parent | prev [-] | ||||||||||||||||
The opposite is true. Open source barely matters to attackers, especially ones that can be automated. It mostly enables more people (or agents, or people with agents) to notice and fix your vulnerabilities. Secrecy and other asymmetries in the information landscape disproportionately benefit attackers, and the oft-repeated corporate claim that proprietary software is more secure is summarily discounted by most cybersecurity professionals, whether in industry or academic research. This is also seldom the motivation for making products proprietary, but it's more PR-friendly to claim that closing your source code is for security reasons than it is to say that it's for competitive advantage or control over your customers | |||||||||||||||||