
New AI tool targets critical gap in thousands of open source apps




Dutch and Iranian security researchers have created an automated genAI tool that can scan huge open source repositories and patch vulnerable code that could compromise applications.

Tested by scanning GitHub for a particular path traversal vulnerability in Node.js projects that's been around since 2010, the tool identified 1,756 vulnerable projects, some described as “very influential,” and has led to 63 projects being patched so far.

The tool opens the possibility for genAI platforms like ChatGPT to automatically create and distribute patches in code repositories, dramatically increasing the security of open source applications.

But the research, described in a recently published paper, also points to a serious limitation in the use of AI that will need to be fixed for this solution to be effective. While automated patching by a large language model (LLM) dramatically improves scalability, the patch might also introduce other bugs.