Kevin BeaumontFeb 16

Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.

Build software better, together

GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.

GitHub
Show threadRichard Hughes
@GossiTheDog I guess the AI security scanners will clean this up with their automated scan and CVE requests.</joke>
Feb 16 at 3:29pmWeb
Show threadJosh BressersFeb 16
@hughsie @GossiTheDog It’s the circle of life. Extra points if the fix has new vulnerabilities in it!