top | item 39893683

jbergknoff | 1 year ago

> 10. The FOSS axiom "More Eyes On The Code" works, but only if the "eyes" are educated.

One thing that could help with this is if somebody points an LLM at all these foundational repositories, prompted with "does this code change introduce any security issues?".

Osiris | 1 year ago

Not sure why an LLM would be better than existing static analysis tools. Many projects I have worked on run static vulnerability analysis on PRs.

kqr | 1 year ago

I found the black hat!