|
|
|
|
|
|
by sbarre
482 days ago
|
|
|
I think you misunderstood my comment.. When a non-technical person hires an incompetent developer (that they likely don't know is incompetent at the time of hiring) to build something that turns out to be insecure - because the developer didn't know any better and the non-technical person doesn't have the skills to evaluate the output - no one was trying to do a bad thing, but they didn't know what they didn't know. The non-technical person got something that did what they asked, without understanding all the underlying deficiencies. It's the same with AI, I don't think non-technical people using AI are thinking "I don't care that this is building garbage code full of problems".. Just like the first scenario, they don't know what they don't know, and they end up with something that does what they want, and that's a good outcome based on their limited knowledge. To be clear, I don't think either of these scenarios is excusable or acceptable if you're working with PII or other security-sensitive things, I was just pointing out that this isn't new. |
|
|