Explore the critical issue of code security in an era of AI-generated software through this thought-provoking conference talk from Conf42 DevOps 2024. Delve into the challenges posed by large language models producing insecure code and developers' misplaced trust in AI-generated solutions. Examine the limitations of current security programs and manual processes in keeping pace with rapidly evolving AI capabilities. Discover scalable solutions to address these concerns, including paved roads, enhanced runtime protection using RASP, and the concept of a security tool copilot. Learn about CodeModder, an open-source library for modern code modification. Gain valuable insights into securing the future of software development as AI becomes increasingly prevalent in coding practices.
Who Secures Our Code When an Army of Robots Is Writing It? - DevOps Security Challenges in AI-Driven Development
Overview
Syllabus
intro
preamble
hi, i'm arshan
the army of robots is coming
llms write insecure code and then devs believe it isn't
can't the models just generate secure code?
secure software processes are very manual
limitations of our security programs today
what can scale with the robots?
- paved roads
- better runtime protection with rasp
- security tool copilot
codemodder: a modern, oss codemod library
thank you!
Taught by
Conf42
