: Hackpocalypse deferred

cross-posted from: https://feddit.org/post/28915274

cross-posted from: https://feddit.org/post/28915273

[…]

That marketing may have outstripped reality. Early reports from Mythos preview users including AWS and Mozilla indicate that while the model is very good and very fast at finding vulnerabilities, and requires less hands-on guidance from security engineers - making it a welcome time-saver for the human teams - it has yet to eclipse human security researchers.

“So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t,” Mozilla CTO Bobby Holley said, after revealing that Mythos found 271 vulnerabilities in Firefox 150. Then he added: “We also haven’t seen any bugs that couldn’t have been found by an elite human researcher.” In other words, it’s like adding an automated security researcher to your team. Not a zero-day machine that’s too dangerous for the world.

  • HaraldvonBlauzahn@feddit.orgOP
    91·
    4 days ago

    i dunno if im off base here, but staying 1 step ahead in the infinitely escalating digital security war requires using AI

    Or just writing new code in Rust, which is much cheaper and prevents a large fraction of bugs

    • jj4211@lemmy.world
      10·
      4 days ago

      While that does mitigate a lot of things, it doesn’t fundamentally guarantee security.

      For example, the language will not guard against things like SQL injection, path traversal, shell injection, the language itself can’t guard against those (however core libraries may discourage dangerous patterns, but ultimately using a library or manually doing something yourself the wrong way.

      I would even venture in this day and age most vulnerabilities are no longer from C misadventures. Between popularity of languages that have more safety rails and more analysis tools…

    • Holla@feddit.org
      3·
      4 days ago

      I do find it funny how Mozilla has created both Rust and Servo, yet FireFox’s Gecko is still written in C/++