Dutch and Iranian security researchers have built an automated generative-AI tool that can scan huge open source repositories and patch vulnerable code that could compromise applications.

Tested by scanning GitHub for a specific path traversal vulnerability in Node.js projects that has been around since 2010, the tool identified 1,756 vulnerable projects, some described as “very influential,” and has led to 63 projects being patched so far.

The tool opens the possibility for genAI platforms such as ChatGPT to automatically create and distribute patches in code repositories, which could substantially improve the security of open source applications.

But the research, described in a recently published paper, also points to a serious limitation in the use of AI that will need to be addressed before this approach can be relied on. While automated patching by a large language model (LLM) dramatically improves scalability, the generated patch may itself introduce other bugs.