BLU Discuss list archive
[Discuss] Is open source more secure at the current level of AI?
- Subject: [Discuss] Is open source more secure at the current level of AI?
- From: richard.pieri at gmail.com (Rich Pieri)
- Date: Sat, 11 Apr 2026 21:48:38 -0400
- In-reply-to: <cfbaecd3-841d-40d7-b7c1-b46c2200d5b7@borg.org>
- References: <3ba75ddf-6d93-40c7-85ca-050531c8a4dd@app.fastmail.com> <121cb616-ba15-460b-8633-68b12007d2c1@borg.org> <20260411125347.7a3b1c48.Richard.Pieri@gmail.com> <aae1dbf0-dec1-46cb-b09c-82a6d0257b91@borg.org> <20260411191138.5e292aa7.Richard.Pieri@gmail.com> <cfbaecd3-841d-40d7-b7c1-b46c2200d5b7@borg.org>
On Sat, 11 Apr 2026 16:44:21 -0700
Kent Borg <kentborg at borg.org> wrote:

> I did not say otherwise.
> I did say that open source means people can easily see the source,
> and people with a token budget can have AI tools look at it, too. I
> expect they will find stuff.

You just did it again: "They can see the code and they'll find bugs
they can exploit!" It's still FUD and it's still the same logical
fallacy.

It doesn't matter what token hacker finds because they're *too late*.
Anything they feed into their neural network model of choice will
already have been fed into *many* models by security experts at Google
and Red Hat and JFrog and Black Duck and etc. Anything token hacker
could find will already have been found.

We're seeing the effects of this in the wild. Higher tier attackers
aren't looking for vulnerabilities in open source projects so much.
They're *injecting* vulnerabilities and back doors and malware into
packages hosted by public repositories like PyPI and npm, or they're
attacking projects directly like XZ Tools, Notepad++ and CPUID.

-- 
\m/ (--) \m/
