Hacker News
by
Retr0id
176 days ago
You can more easily check for known-vulnerable dependencies
1 comments
MangoToupe
176 days ago
Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.
Retr0id
176 days ago
I'm not thinking about deliberately embedded vulnerabilities, just accidental/emergent ones. The modern equivalent of devs copy-pasting stackoverflow answers that happen to contain SQL injection vulns.
MangoToupe
176 days ago
Does the distinction make any difference?
Retr0id
175 days ago
Yes, you'd take different actions to avoid each.