by toomuchtodo 1767 days ago
Copilot didn't worsen the appsec story, it just highlighted it. If you have devs who don't know how to write secure code, and/or you don't have security engineering support (internal or outsourced), you were already failing (or probably more apropos, walking the tight rope without a net).

Was anyone checking the security of code copy-pasted from Stackoverflow? Hopefully this work gets fed back into Copilot, improving it, which improves the experience (and safety) for its users. Lots of folks are still writing code without Copilot or security engineering knowledge.

1 comment

> If you have devs who don't know how to write secure code

The problem with GHC is the developers are not writing the code - they're simply accepting what's being written for them, often in large quantities at a time.

> don't have security engineering support

Valuable, but my analogy was intended to point out that it's not inherent in the tooling.

> Was anyone checking the security of code copy-pasted from Stackoverflow

Yes, other users on Stackoverflow via comments and other answers. They're not perfect, but their checks and balances exist as a facet of that tool.

> Hopefully this work gets fed back into Copilot

Only if it's open source, and a large volume of it, to boot. In other words, I don't hold hope that the security situation will be better anytime soon.