Hacker News
by
MangoToupe
176 days ago
> if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern
how do you distinguish this from injecting a vulnerable dependency to a dependency list?
Retr0id
176 days ago
You can more easily check for known-vulnerable dependencies
MangoToupe
176 days ago
Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.
Retr0id
176 days ago
I'm not thinking about deliberately embedded vulnerabilities, just accidental/emergent ones. The modern equivalent of devs copy-pasting stackoverflow answers that happen to contain SQL injection vulns.
MangoToupe
176 days ago
Does the distinction make any difference?
Retr0id
175 days ago
Yes, you'd take different actions to avoid each.