> 10. The FOSS axiom "More Eyes On The Code" works, but only if the "eyes" are educated.

One thing that could help with this is if somebody points an LLM at all these foundational repositories, prompted with "does this code change introduce any security issues?".
Not sure why an LLM would be better than existing static analysis tools. Many projects I have worked on run static vulnerability analysis on PRs.


I found the black hat!