28
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 18 Apr 2026
28 points (100.0% liked)
Opensource
5985 readers
28 users here now
A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!
⠀
founded 2 years ago
MODERATORS
If AI scanning code for vulns is the problem, why don't the developers have AI scan their code for vulns before release?
They do give a clue as to a reason/excuse why not in the article:
Also, they come up with so many false positives that it's a huge job to check over the reports for something usable.
That's literally just pen testing, though. You search through tons of holes just to find the tunnel you were going down was blocked and not an issue.
I asked this at my company wide security training session. The answer I received was that 0 days are hard to detect which is what makes them dangerous. Well duh, you just told me criminals were using currently available open source AI tools to find them. A total non answer was provided.
So I just used the company mandated AI to scan or source code for vulnerabilities and patched the 2 it found.