by DrewADesign
76 days ago
In my experience, most garden-variety security problems stem from a) the developer not understanding the implications of something (maybe because they’re new, or operating outside of their usual domain), or b) the developer not paying close enough attention to realize they did something they know is stupid. We’re only human. Vibe coding obviously doesn’t make something insecure, per se, but saying it doesn’t reduce the attention paid to any given line of code, or encourage less knowledgeable people to write code, seems pretty dubious to me. The Claude Code team is clearly competent and professional, yet they accidentally published the proprietary source code for one of the world’s hottest products. That’s like a bank manager walking away with the keys in the door and the alarm disarmed. When’s the last time you heard of a human team of developers doing that? Again, I’m not saying that vibe coding necessarily creates unsafe code, but I don’t see how anyone could say vibe coding was devoid of security implications. I think this is an organizational/logistical problem that we’ll figure out at some point, but I think it’s going to be more of a C buffer overflow kind of ‘figured out’ that never really goes away.