AI will shorten update windows dramatically. 2026 is the worst year to be thinking about dependency cooldowns, we need to think about dependency warmups instead.

Soon, there will be no such thing as a safe way to disclose a vulnerability in an open source project. Centralized SaaS will have a major security advantage here.

▲

lll-o-lll 4 hours ago | parent | next [-]

Closed source centralized SaaS will have a major security advantage.

Edit: Because an RCE in a open-source dependency means you are just as vulnerable when the security patch lands? I don’t see the controversy.

▲

woah 6 hours ago | parent | prev [-]

You could have a web of trust where Linux-using organizations each spend $x continuously scanning and patching their own dependencies with AI, and sending each other patches and scans.

▲

dakolli 2 hours ago | parent [-]

LLMs aren't capable of doing this, and never will be no matter what Anthropic tries tell you.

	▲	a_vanderbilt an hour ago \| parent \| next [-]
		That's the same mindset some people had 3 years ago when they said AI wouldn't be capable of software development. Look where we are now.
	▲	fragmede 2 hours ago \| parent \| prev [-]
		Mozilla seems to think it can. https://blog.mozilla.org/en/privacy-security/ai-security-zer...