had a good conversation earlier that went something like this:
them: “is AI making pentesting easier?”
me: “yes.”
them: “why, because you can use it to look for vulnerabilities in code quicker?”
me: “no, because it generates vulnerabilities in code quicker”
-
It is even worse than that, so yes, static analysis tools have gotten a lot better, but the number of false positives is very large.
So none of this can be automated; you need a human in the loop, and it is tiiiimmmmee consuming.
We have been trying to solve this for decades, and we are not close to being able to automate bug finding in a way that scales for large projects.