And isn't it also mostly a transitioning issue. Those open codebases will be constantly scanned for potential security issues and getting more and more hardened. There are probably a lot of easy wins that are going to be discovered over the next few years but it should taper out after a while.

▲

merelydev 3 hours ago | parent [-]

Fair point but it assumes we all have access to LLMs with the same capabilities.

▲

yjftsjthsd-h 3 hours ago | parent [-]

I don't think that's exactly it. OSS only needs someone to have a strong LLM to check for bugs. If your software is proprietary, it's a competition between just you and whatever model you have vs any attacker and whatever model they can lay hand to.

	▲	GTP 2 hours ago \| parent [-]
		I don't see the difference. > OSS only needs someone to have a strong LLM to check for bugs. The same applies to propietary, closed-source code. It being closed-source means that the source isn't generally available, but the executable is. Hence, someone with a strong model can still reverse it and find vulns.