You can't bug fix your way out of the vulnpocalypse

20 points by freddyb


trousers

(I work for Anthropic.)

I want to say that I very much appreciate the author putting that right up front.

orib

This is the advice OpenBSD gave in 1996.

wrs

Of course this advice — when you find a bug, don't just fix that bug, fix that entire class of bugs, preferably by fixing what made it possible — is very old, and has always applied to all bugs, not just security bugs.

mempko

Back in 2021 I wrote this https://blog.mempko.com/bugs-faster-than-the-speed-of-thought/

and was quoted in wired about exploits in this article

https://www.wired.com/story/ai-write-code-like-humans-bugs/

Later it was found by Anthropic that you need a small amount of samples to poison a large model https://www.anthropic.com/research/small-samples-poison

We are in fun times...

aaronm04

Is it really a vulnpocalypse though?