Much Sturm und Drang in the world of Open Source with the announcement that the "Mythos" AI is now the ultimate hacker and is poised to unleash havoc on every code base. So should you close all your Open Source projects to make them safe? No.

Firstly, all your Open Source code has already been slurped up. It was all ingested for "training purposes" years ago. If it was moderately interesting then it was backed up by a digital hoarder. It has been archived by various digital libraries. Anyone who wants to do research on your code base can. Closing now doesn't meaningfully protect you.

Secondly, most of the security holes in your systems are probably not in your code. Vulnerabilities exist throughout your supply chain. The dependencies - your OS, libraries, and even hardware - are all richer targets for hackers. Finding a CVE in a popular library is almost certainly more worthwhile than investigating your Open Source code. The bigger risk comes not from subtle logic bugs but from…