alt Hacker NewsAfter a release, attackers have effectively infinite time to throw an LLM against every line of your code - an LLM that only gets smarter and cheaper to run as time passes. In order to feel secure you’d need to do all the work you’d imagine an attacker would ever do, for every single release you ship.
Replies
mixdup • yesterday at 9:26 PM
The first few times it's going to be expensive, but once everyone level sets with intense scans of their codebases, "every single release" is actually not that big a deal, since you are not likely to be completely rebuilding your codebase every release
➕ show 1 reply
stavros • yesterday at 9:04 PM
This assumes that the relationship between "LLM tokens spent" and "vulnerabilities found" doesn't plateau, though.
rhubarbtree • today at 8:28 AM
But so do you and all your users what’s your point?
> attackers have effectively infinite time
No, attackers are also rational economical actors. They don't randomly attack any software just for the aesthetics beauty of the process. They attack for bounty, for fame, for national interest, etc. No matter the reason it's not random and thus they DO have a budget, both in time and money. They attack THIS project versus another project because it's interesting to them. If it's not, they might move to another project but they certainly won't spend infinite time precisely because they don't have infinite resources. IMHO it's much more interesting to consider the realistic arm race then theoretical scenarii that never take place.