Security

847 readers

11 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

All instance-wide rules apply.
Keep it totally legal.
Remember the human, be civil.
Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

LinearArray@programming.dev

102

‘Vibe coding’ using LLMs susceptible to most common security flaws (www.scworld.com)

submitted 2 days ago by neme@lemm.ee to c/security@programming.dev

16 comments fedilink hide all child comments

top 16 comments

sorted by: hot top controversial new old

[–] hperrin@lemmy.ca 4 points 1 day ago

Vibe coding is just like passing all your coding tasks off to that friend who’s been doing coding as a hobby for the last four months.

[–] iAvicenna@lemmy.world 11 points 1 day ago

[–] ptz@dubvee.org 31 points 2 days ago (1 children)

Who would have thought letting an AI shit out slop code would produce insecure, slop code? I'm shocked, I tell you. Shocked.

[–] i_dont_want_to@lemmy.blahaj.zone 17 points 2 days ago

Just keep giving it more prompts and editing the output until the squiggles go away and it runs. It will be just fine, surely.

[–] 18USCode2381@infosec.pub 25 points 2 days ago* (last edited 2 days ago)

Vibe coding = VaaS, Vulnerabilities as a Service.

[–] fubarx@lemmy.world 7 points 1 day ago (1 children)

Vibecoding without git (so you can revert back to a last working version) is like:

Walking into a nightclub without condoms
Trick bicycling without a seat
Jumping out of a plane without a reserve chute
...

[–] Kissaki@programming.dev 4 points 1 day ago

In Vibecoding you can let the AI do the git commits and reverts

[–] Valmond@lemmy.world 10 points 2 days ago (1 children)

Even classic coders doesn't automatically write safe and secure code.

[+] meliante@lemm.ee -7 points 2 days ago (1 children)

That's the crux of it. People talk like most coders are some kind of know all security and best practices wise.

That's just a lie or virgin innocence.

Most coders are just keyboard monkeys, those are the replaceable ones.

[–] nexas_XIII@lemm.ee 5 points 1 day ago (1 children)

Ah yes, as they gain experience and learn they’re still just keyboard monkeys. Guess we should go back and try to type up some Shakespeare eh?

[–] Glitch@lemmy.dbzer0.com 0 points 1 day ago

Lol and hammers are terrible at setting screws. I appreciate the heck out of vibe coding a prototype and massaging it into place. It doesn't work well for security, polish, performance, heck most things really. Vibe coding only really replaced stack overflow lol