by UltraSane 46 days ago
In 5 years attackers have an advantage, but in the long run I think it is more secure if developers use LLMs on software to find and fix all of the worst remotely exploitable bugs before release. LLMs are going to force devs to be much more security conscious.
1 comments

I think it'll be a war of who has the better LLMs-as-security-scanner.

Ideally, you'd do a comprehensive all-source-code scan (and the LLM-scanner finds everything during those scans) and fix all the reported defects.

Afterwards, any dev that commits code will run the LLM-scanner on the modified code (and affected areas) and fix any reported defects.

So the black-hat hacker would be shut out unless they get access to an LLM-scanner with better analysis than what the target project is using.

Major LLM-scanners could give priority access for new versions of LLM-scanners to major projects to find any defects in the current source code before any other party could use the reported defects against the project or their users.

So black-hat hackers would be left with developing their own LLM-scanner that is better/more efficient than the existing major LLM-scanners.

Given enough incentive, they might develop such a tool. Look at the market for zero-day vulnerabilities for smartphones, especially iPhones.