The complete post is available where it was originally published on this site
Tested by scanning GitHub for a particular path traversal vulnerability in Node.js projects that’s been around since 2010, the tool identified 1,756 vulnerable projects, some described as “very influential,” and led to 63 projects being patched so far.
The tool opens the possibility for genAI platforms like ChatGPT to automatically create and distribute patches in code repositories, dramatically increasing the security of open source applications.
But the research, described in a recently published paper, also points to a serious limitation in the use of AI that will need to be fixed for this solution to be effective. While automated patching by a large language model (LLM) dramatically improves scalability, the patch also might introduce other bugs.
