#dependency-risk

Information security
from InfoWorld
5 days ago

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Sandboxing untrusted JavaScript in vm2 is fragile because sandbox escapes can enable full system compromise when credentials, secrets, filesystem, network, or deployment privileges are accessible.
from DevOps.com
3 months ago

4 Security Risks of AI Code Assistants - DevOps.com

They are often trained on public domain code, which can be secure or insecure. The AI coding assistant is not able to identify which is which. It also rewrites code from these sources without noticing any logical issues that might exist. AI is rewarded based on whether it completes a task, not if it is done well, so it might create code that is not secure or without necessary security controls.
Artificial intelligence