serf 3 hours ago

LLMs are fantastic disassembly partners; they're quite good at labeling functions from various disassemblers. The net losses from losing the benefits of open source, imo, outweigh the protection afforded by hiding your source code in yet another layer that is more and more easily unrolled through automated procedures.

blensor 3 hours ago | parent | next

And isn't it also mostly a transitioning issue? Those open codebases will be constantly scanned for potential security issues and get more and more hardened.
There are probably a lot of easy wins that are going to be discovered over the next few years, but it should taper out after a while.

merelydev 3 hours ago | parent

Fair point, but it assumes we all have access to LLMs with the same capabilities.

yjftsjthsd-h 3 hours ago | parent

I don't think that's exactly it. OSS only needs someone to have a strong LLM to check for bugs. If your software is proprietary, it's a competition between just you and whatever model you have vs. any attacker and whatever model they can lay hands on.

GTP 2 hours ago | parent

I don't see the difference.

> OSS only needs someone to have a strong LLM to check for bugs.

The same applies to proprietary, closed-source code. It being closed-source means that the source isn't generally available, but the executable is. Hence, someone with a strong model can still reverse it and find vulns.

3 hours ago | parent | prev | next

[deleted]

spongebobstoes 3 hours ago | parent | prev

Disassembly only applies to client-side software. Something like nginx could arguably be more secure if it were closed source (I am a proponent of and contributor to open source).

gpm 3 hours ago | parent | next

Only until a single server running nginx is hacked and the binary leaked, though...

Hizonner 3 hours ago | parent | prev

Um, the nginx binary would have to be in the hands of hundreds of thousands of server operators. And the set of server operators is rich in the kind of person who would attack it. Not to mention the huge number of leaks you'd get. Maybe if it's some server-side software that you only use yourself...