Hey, I need a bit of moral compass here. We can agree that using AI to generate code is bad, no questions asked. The environmental and societal impact is awful, the skill loss is real etc.

But! What about security? The past months have shown that AI has become actually good at finding real security issues which have been missed for years in high-profile software.

So not using AI for that might actually expose users to undiscovered security issues which are then found and exploited by more ruthless people.

In light of that: How would you like the maintainers of your favourite Open Source projects to use AI?

Boost the hell out of this please.

Not at all
Exclusively to find security issues
To find security issues and for code review

@jssfr @bert_hubert I voted “Not at all”

My real answer would be that I wouldn’t blame any project for using AI this way if they so choose (whereas I do blame them for vibe-coding); I think you can use it to find some kinds of security issues and that would be useful.

But the poll asks explicitly whether I’d *like* the projects to adopt these, and there my answer is no; projects are already strained for resources, monetary and time. Don’t divert resources you don’t have.