I'm guessing it ultimately comes down to the legal / financial / career incentives.

My impression is that the market currently rewards visible software functionality with little concern for invisible risk.

If we flipped the script, and investors were personally, criminally, and civilly liable for computer breaches, I imagine this problem would disappear almost overnight.

I'm at a defense contractor, so the whole scene is alien to me. I don't really even get the desire to produce code more quickly, since for us client verification and approval is always the slow part. Producing software more quickly would just make that problem worse.

I'm curious if LLMs would be useful for code understanding and for bug hunting in an environment like that.

Are there any good models for those tasks that can work in an air-gapped enclave?

We do have a phi4 installation in the compartment, though it's separately compartmented from the rest of the network. It seems pretty good at doing call graphs. It's slower than ctags but can pull more context with it.