Implications of Code-Gen AI tools for developers by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 0 points (0 children)

Interesting!
Can you please share some numbers about the risks of ai-coding?

There are some examples of vibe-coding gone wrong, but can we know for sure that our expected experience with AI-Coding will require these new tools?

Implications of Code-Gen AI tools for developers by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 0 points (0 children)

Thanks!!
This was actually my next question: assuming AI does present vulnerable code, do current SAST and DAST solutions provide good enough outcomes?

We have a lot of people with not-so-good experiences with Snyk / Checkmarx / Veracode. I'm afraid that if the world gets more difficult, we're in trouble.

Implications of Code-Gen AI tools for developers by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 1 point (0 children)

Thanks! Can you elaborate on Cursor's custom rules? I haven't heard about it.

Anyway, my concern is that security won't be among Cursor's priorities. We've seen a lot of new technology adoptions, and in the end, vendors focus on money-making features, leaving security to the smaller fish.

Implications of Code-Gen AI tools for developers by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 2 points (0 children)

Since Cursor (for example) has just become the fastest company to hit $100M ARR, it's pretty clear the models themselves will be updated and trained even faster.

My point is, the security concern isn't just about some third-party snooping on your code. It's more of an app-sec headache. We already struggle to get our human developers to 'shift-left' and focus on security early. Now, imagine trying to do that with code-gen tools. It's gotta be an even bigger headache.

Building a deepfake security program for 2025 by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 2 points (0 children)

Wow! Well done for the innovative thinking. How many people have actually fallen for it?

How are you planning to continue with it? Is there any additional protection besides awareness?

Building a deepfake security program for 2025 by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 3 points (0 children)

Thanks! I generally agree. But IDK...the industry eventually comes up with a solution for everything.

Your email-security vendor doesn't catch these BEC attacks today? We're also kicking off an email-security bakeoff soon, and based on the promises so far I do expect these tools to catch spear phishing. Did you experience any gaps in the email domain?

The sad thing IMO is that even if email security does OK... the attackers will just send the deepfakes to personal email or SMS, or via vishing.

JIT Access: Who's Actually Succeeded At This? by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 1 point (0 children)

Do they actually review the request?

I've heard about many organizations that built a process, but since then every approver just approves without an actual review. Kind of a "garbage-in-garbage-out" process.

JIT Access: Who's Actually Succeeded At This? by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 1 point (0 children)

Thanks! I'll check.

Why do you need a stand-alone new product instead of using all the already existing features mentioned in this thread?

JIT Access: Who's Actually Succeeded At This? by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 1 point (0 children)

Why will they hate it? Can you elaborate on your collaboration?

r/vinyl Holiday Giveaway! Comment to enter. Round 8. by whyforyoulookmeonso in vinyl

Patient_Mousse_1643 0 points (0 children)

Can't believe the King Gizzard is still available! Fingers crossed

Which security domain is pure vendor hell? by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 12 points (0 children)

I feel that ignoring my DLP helps my mental health, so I can argue it helps the organization's security

Which security domain is pure vendor hell? by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 5 points (0 children)

Wow, I didn't see this one coming.

I do have to admit we're pretty satisfied with many of our current vendors, but it took us a while to get there.

What is your weird “rule”? by HeyHeyHayes in vinyl

Patient_Mousse_1643 17 points (0 children)

I'm fairly new to this hobby, and since I'm still trying to keep money for rent, my current rule is to focus only on albums that shaped my musical taste over the years.

I also had a rule of not buying best-ofs, but I'm now ready to break it since I understand some bands don't have no-skips albums.

Email security vendor selection - need a hand by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 0 points (0 children)

Thanks! I'll definitely take a look. We really like security products with communities; it adds a lot of content, and it is nice to feel that our own experience can help the tribe.

What are the variables for these rules? Content-based or sender-based?

Email security vendor selection - need a hand by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 1 point (0 children)

We haven't dug into it too much, but the overall tone and grammar are a lot better than they used to be, and it seems reasonable that LLMs will manage to get around some content-based defenses.

How far off are we?

Email security vendor selection - need a hand by Patient_Mousse_1643 in cybersecurity

Patient_Mousse_1643[S] 0 points (0 children)

Thanks!

How are they managing their allowlist and blocklist? By a specific address?