technology

24027 readers

150 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

Wakmrow@hexbear.net

Google says its AI-based bug hunter found 20 security vulnerabilities (techcrunch.com)

submitted 1 month ago by yogthos@lemmygrad.ml to c/technology@hexbear.net

32 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Le_Wokisme@hexbear.net 5 points 1 month ago (1 children)

compare to the cost of humans finding them the normal way, not whatever breach you're imagining.

[–] yogthos@lemmygrad.ml 2 points 1 month ago (2 children)

Clearly the humans didn't find them the normal way, because they wouldn't be there to be found otherwise would they?

[–] limer@lemmy.ml 3 points 1 month ago (1 children)

We don’t know the details yet. Maybe they have a great new tool; perhaps they picked projects that are not maintained so well.

It will be awesome if they found bugs in curl, not so good to show if they picked my project.

What they did will be revealed in time

[–] yogthos@lemmygrad.ml 2 points 1 month ago (1 children)

I'm sure we'll get more info in due time.

[–] limer@lemmy.ml 2 points 1 month ago

Yes, hopefully in a couple of weeks

[–] WrongOnTheInternet@hexbear.net 2 points 1 month ago (1 children)

The last time Google did a media run about Deepmind finding bugs, it related to a vulnerability on an dev branch that hadn't been deployed yet (and was not likely to have been with the vulnerability).

[–] yogthos@lemmygrad.ml 2 points 1 month ago (1 children)

So it found a vulnerability in the code it was given. 🤷

[–] WrongOnTheInternet@hexbear.net 2 points 1 month ago* (last edited 1 month ago) (1 children)

I don't think anyone is suggesting that it is impossible for an LLM to find any vulnerabilities?

But right now we are specifically discussing the costs of a breach, and your post that I responded to specifically relied on a bug not being identified a person.

The discussion isn't whether an LLM can identify bugs, it's whether it can do so in a useful way. In the single previous example, it was not useful.

But similar to the last time, it is likely that the limited utility will only be known until well after the breathless reporting on how amazing AI is

[–] yogthos@lemmygrad.ml 2 points 1 month ago

In the example you provided, it found a vulnerability, which is useful, but they didn't point it at production code. The vulnerability might have been found by other tests and code reviews or it might have not been. The question of whether it's valuable or not really depends on what sort of code we're talking about and what the cost of missing a vulnerability would be.

All I'm saying here is that AI is just another tool that helps find bugs. People here freaking out over the idea that there might be legitimate uses for AI is kind of hilarious to be honest.