Saagar Jha (@saagar@saagarjha.com)

Misuse Case

03/31/2024 (replying to Saagar Jha)

@saagar I think it is worth clarifying that the danger of deliberately or accidentally introduced vulnerabilities is not just a problem with this particular codebase or open source projects or anything like that. This is a problem with *everything* because it’s all so complex these days.

No single person “understands” it all. No small group of people does. Nobody can. It’s too big.

1/2

Misuse Case

03/31/2024 (replying to Misuse Case)

@saagar And I see some of y’all saying “but AI can help with reviewing this big codebase.” No, I assure you, it cannot. If humans can’t understand these huge masses of code, then AI (which isn’t really that at all) certainly can’t, because AI doesn’t “understand” anything.

It can maybe find possible compliance/rulebreaking issues, generating many false positives along the way, but not holistic/architectural gaps to be exploited. You need humans to find those.

2/2