| ▲ | linkregister 10 hours ago | |||||||
This is a great example of vulnerability chains that can be broken by vulnerability scanning by even cheaper open source models. The outcome of a developer getting pwned doesn't have to lead to total catastrophe. Having trivial privilege escalations closed off means an attacker will need to be noisy and set off commodity alerting. The will of the company to implement fixes for the 100 Github dependabot alerts on their code base is all that blocks these entrepreneurs. It does mean that the hoped-for 10x productivity increase from engineers using LLMs is eroded by the increased need for extra time for security. This take is not theoretical. I am working on this effort currently. | ||||||||
| ▲ | pixl97 8 hours ago | parent | next [-] | |||||||
I disagree that it's extra time for security, it's the time we should have been spending in the first place. | ||||||||
| ▲ | fragmede 5 hours ago | parent | prev [-] | |||||||
It's great news for developers. Extra spend on a development/test env so dev have no prod access, prod has no ssh access; and SREs get two laptops, with the second one being a Chromebook that only pulls credentials when it's absolutely necessary. | ||||||||
| ||||||||