My gut feeling is that the security vulnerabilities that Copilot introduces here are fairly commonly done by your average JS programmer without Copilot.
Non-https is the URL that text-processing.com tells you to use in its examples. And as johnfuller notes, text-processing.com has a bad https certificate.
I encounter the incorrect usage of body constantly.
I’m not exactly sure what this means for your prediction.
On the one hand, it’s wrong code. On the other hand, there’s a lot of unknowns right now.
Will people who would’ve otherwise written the right code get lulled into complacency and just accept whatever Copilot tells them?
Maybe Copilot will on average write more secure code than the average developer?
If so, maybe that outweighs the number of people lulled into complacency?
Is that snippet suggested because that code base is already using text-processing.com in other places, or is that just the generic snippet Copilot inserts for doing POSTs?
I do think that the quality of code output by ML systems will increase much more rapidly than the quality of code output by human engineers. It’s just not that hard to do things like generating millions of completions and fine-tuning the model to avoid all the common security problems, whereas the analogous education project with human engineers is quite challenging.