Because of asymmetric differences, I don't have access to powerful LLMs but attackers might. There is also the complexity of software dependencies (supply chain vulnerabilities): my software depends on packages not in my control, and I don't have time to audit the entire stack.
Perhaps the answer is to depend only on packages that come from people who are more competent than you, so that if or when your program is compromised, you can know it'll most likely be your fault and not theirs.