The end result of that is that your model can't fix or acknowledge security issues for fear of ...

torben-friis • today at 3:13 PM • 1 reply • view on HN

The end result of that is that your model can't fix or acknowledge security issues for fear of disclosing them.

This is the beauty the above poster mentioned: the ability to improve code is inherently coupled with the ability to recognize its shortcomings. You can't have one without the other.

Replies

btilly • today at 3:18 PM

What I suggested would allow it to fix the issues. Just not write a test that was directly usable as a security exploit.

This doesn't stop attackers from being able to leverage the analysis. But it does make the tool more useful for defenders than attackers. Which is the best that you can hope for from a useful tool.

➕ show 2 replies

alt Hacker News

Replies