by muglug 55 days ago
Most of these vulnerabilities could have been discovered much earlier had the same security researchers pointed a SAST tool at the codebase.

I wrote an OSS PHP SAST tool 6 years ago, but it's suffered from industry neglect — most people only care about security after an incident, and PHP has enough magical behaviour that any tool needs to be tuned to how specific repositories behave.

I agree there's a big opportunity for LLMs to take this work forward, filling in for a lack of human expertise.

1 comment

Where can I learn more about SAST, and do you have a link to your tool?

I stood up a Dokuwiki instance recently and had Qwen look through the codebase, and it didn't find anything critical. It identified "fragile patterns", though.

It's Psalm — see the section on security analysis here: https://psalm.dev/docs/security_analysis/
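To make concrete what "tuning the tool to how a repository behaves" means in practice, here is an added example that is not from the thread or from the Psalm project. It is a small PHP file annotated the way Psalm's taint analysis (the feature linked above) expects: one wrapper marked as a taint source, one output helper marked as an HTML sink, one escaping helper marked as an escape, and the same flow written once without and once with the escape. The function names (`requestParam`, `emitHtml`, `escapeHtml`, the two `renderGreeting*` functions) are illustrative; the annotations and the `--taint-analysis` flag are Psalm's own.

```php
<?php
// Added example, not code from the HN thread or from Psalm itself.
// Assumed invocation: `vendor/bin/psalm --taint-analysis` with a psalm.xml
// that includes this file. Function and variable names are illustrative.

/**
 * Wraps user-controlled input. Psalm already treats $_GET as tainted; the
 * annotation makes the wrapper itself an explicit source, which is the kind
 * of per-repository tuning a framework-heavy codebase needs.
 *
 * @psalm-taint-source input
 */
function requestParam(string $name): string
{
    return (string) ($_GET[$name] ?? '');
}

/**
 * A custom sink: whatever is passed in is written straight into the HTML
 * response. Declaring it lets Psalm track flows through the helper instead
 * of only through the bare `echo` inside it.
 *
 * @psalm-taint-sink html $fragment
 */
function emitHtml(string $fragment): void
{
    echo $fragment;
}

/**
 * Marks its return value as safe for an HTML context, so a path that goes
 * through this function is no longer reported.
 *
 * @psalm-taint-escape html
 */
function escapeHtml(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe flow: the source reaches the sink with nothing in between, so a
// `psalm --taint-analysis` run reports TaintedHtml on the emitHtml() call.
function renderGreetingUnsafe(): void
{
    $name = requestParam('name');
    emitHtml("<p>Hello, {$name}</p>");
}

// Hardened flow: the escape annotation on escapeHtml() breaks the taint
// path, so the same sink is not reported here.
function renderGreetingSafe(): void
{
    $name = requestParam('name');
    emitHtml('<p>Hello, ' . escapeHtml($name) . '</p>');
}
```

The point of the three annotations is the tuning the comment above describes: Psalm knows about PHP's built-in sources, sinks and sanitizers, but a real codebase routes input through its own request objects and templating helpers, and until those are declared the analysis either misses flows or floods the report with false positives.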