Hacker News
by yqx 1701 days ago
> is it not reasonable to assume that the number of security flaws just reflects how insecure most public code is?

It sounds to me like that's not an inference that can easily be drawn. Copilot was trained on predicting code; it doesn't understand the code it produces syntactically. Security issues can be highly context dependent. For example, in most cases it's fine to log a variable, but when it happens to contain a password, it's a security issue. This is a flawed example, as the algorithm may be able to learn that variables with names or contexts suggesting that they're secrets should not be logged, but I can imagine much more subtle issues can crop up.
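An added example, not part of the comment above and not Copilot's own code, of why a name-based rule is only a partial answer to the logging case the commenter describes: a small Python AST check that flags logging calls whose arguments mention a secret-looking identifier, run over a constructed sample in which the same value also leaks under a neutral name. The names `SECRET_NAME`, `LOG_FUNCS` and `find_secret_logging` are this example's own.

```python
import ast
import re

# Constructed heuristics: identifiers that look like secrets, and the
# call names treated as logging sinks.
SECRET_NAME = re.compile(r"password|passwd|secret|token|api_key", re.I)
LOG_FUNCS = {"print", "debug", "info", "warning", "error", "log"}


def _callee(call):
    """Bare name of the called function, e.g. 'debug' for log.debug(...)."""
    f = call.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)


def find_secret_logging(source):
    """Return (line, identifier) pairs where a logging call's arguments
    mention a secret-looking name. Purely lexical: it sees names, not
    what a value contains, which is the context-dependence discussed above."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _callee(node) in LOG_FUNCS):
            continue
        for arg in node.args:
            for sub in ast.walk(arg):
                name = sub.id if isinstance(sub, ast.Name) else getattr(sub, "attr", None)
                if name and SECRET_NAME.search(name):
                    findings.append((node.lineno, name))
    return findings


# Constructed sample. Line 4 is caught by the name rule; line 6 logs the
# same value under a neutral name and is the kind of leak such a rule misses.
SAMPLE = """\
import logging
log = logging.getLogger(__name__)
password = load_config()["db_password"]
log.debug("connecting with %s", password)
value = password
log.debug("connecting with %s", value)
"""

if __name__ == "__main__":
    print(find_secret_logging(SAMPLE))  # [(4, 'password')]
```

The second `log.debug` in the sample is exactly the situation the check cannot see: the secret reaches the sink, but nothing in the name at the call site says so.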