Remember Linus's Law?
-
Remember Linus's Law? While it was never really true, there are now A LOT of people looking for vulnerabilities with LLMs, and they're finding vulnerabilities EVERYWHERE
While Linus's Law was clearly nonsense, this is creating an increase in vulnerabilities the world is completely unprepared to deal with
What happens if we have a million CVEs every year?
-
@liw hi5!
-
@joshbressers maybe.... fix them slowly, and write new code more slowly, carefully, and deliberately?
-
A million CVEs is gonna look like rookie numbers in 3-5 years. The quantity of vulnerabilities will increase with the quantity of code and that's ballooning now.
Thing is, any pentester or appsec person could have told you this stuff is there and has been forever. It's occult knowledge basically; hidden because nobody's actually been looking.
The reckoning here isn't that this is creating some unbeatable tide of new problems, it's that for years people have refused to foundationally build in secure design and development practices in our education for any kind of programmer, developer, or architect. Pushing left is the only reliable way to turn this tap off - prevent the mistakes as or before they're made. Instead, the industry has collectively decided to build tap opening automation at grand scales.
"Oh no we've defended our appsec program" is basically where loads of companies are.
Look to climate change for how well we're gonna handle this.
-
@hyc While I would love to see this, I suspect that ship sailed a long time ago
-
@fennix Agreed!
It's going to be a very silly couple of years
-
@joshbressers What if most of them are bullshit?