Dutch and Iranian security researchers have created an automated genAI tool that can scan large open source repositories and patch vulnerable code that would compromise applications.
Tested by scanning GitHub for a specific path traversal vulnerability in Node.js projects that has been around since 2010, the tool identified 1,756 vulnerable projects, some described as "very influential," and has led to 63 projects being patched so far.
The tool opens the possibility for genAI platforms like ChatGPT to automatically create and distribute patches in code repositories, dramatically increasing the security of open source applications.
But the research, described in a recently published paper, also points to a serious limitation in the use of AI that will need to be fixed for this approach to be effective. While automated patching by a large language model (LLM) dramatically improves scalability, the patch itself may introduce other bugs.