Software patches get a new tool—AI

The repair is a “pretty important kind of cleanup duty that we’re all dependent on,” one CSO tells IT Brew.
Carol Yepes/Getty Images

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Everyone’s excited by the potential of AI to make changes in coding and security.

One thing the technology can do that’s not as sexy, but possibly more important, is scan existing open-source code for vulnerabilities, an essential task that has largely been set aside as AI innovation keeps moving forward. And, surprisingly, a government agency is leading the way.

In August, DARPA announced it was working with the Linux Foundation’s Open Source Security Foundation (OpenSSF) to challenge teams to develop AI systems that can identify vulnerabilities in open-source software, which is “part of roughly 80% of modern software stacks that comprise everything from phones and cars, to electrical grids, manufacturing plants, etc.”

Real life. The initiative targets a real, and pressing, problem. Mike Hanley, CSO of GitHub, told IT Brew at the company’s Universe event in November that AI can help manage open-source code deficiencies by taking on the time-consuming work of detecting vulnerabilities.

GitHub Copilot, the company’s AI coding assistant, helps developers build out their codebases. But there are still issues, Hanley said, primarily that “the majority of that code is third party, open-source code.” Concerns over open-source weaknesses aren’t new; the Log4j vulnerabilities disclosed in late 2021, whose exploitation caused global chaos into 2022, are still sending shockwaves through the industry, as IT Brew reported in April.

“So all that stuff, in some cases some of it hasn’t been touched for years, or we haven’t discovered vulnerabilities yet that were written years ago—as was the case in Log4j,” Hanley said.
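
What that cleanup looks like in practice, for the Log4j case Hanley mentions, is walking the third-party components a build pulls in and matching each against known affected version ranges. The script below is an added illustration written for this article, not code from IT Brew, GitHub or DARPA. It assumes dependency lines in the shape `mvn dependency:list` prints (the listing here is constructed sample input, not a real build), and its advisory table is abbreviated by hand from the public Apache Log4j advisories for the main 2.x line and the 2.12.x (Java 7) and 2.3.x (Java 6) backport branches.

```python
"""Flag known-vulnerable open-source dependencies in a build's dependency list.

Added example for this article; not code from IT Brew, GitHub or DARPA.
The advisory table is abbreviated by hand from the public Apache Log4j
advisories, and SAMPLE_DEPENDENCY_LIST is constructed input in the shape
that `mvn dependency:list` prints.
"""
import re

# (group, artifact) -> [(advisory id, [(first affected, first fixed), ...]), ...]
# Ranges are half-open: introduced <= version < fixed. Three ranges per CVE
# because the 2.3.x and 2.12.x backport branches were fixed separately.
ADVISORIES = {
    ("org.apache.logging.log4j", "log4j-core"): [
        ("CVE-2021-44228", [("2.0-beta9", "2.3.1"), ("2.4", "2.12.2"), ("2.13.0", "2.15.0")]),
        ("CVE-2021-45046", [("2.0-beta9", "2.3.1"), ("2.4", "2.12.2"), ("2.13.0", "2.16.0")]),
    ],
}


def parse_version(version):
    """Turn 'MAJOR.MINOR[.PATCH][-PRERELEASE]' into a tuple that sorts correctly.

    Assumes at most three numeric components. A pre-release such as 2.0-beta9
    sorts below the final 2.0, and 'beta9' sorts below 'beta10' because the
    trailing number is compared as an int rather than as text.
    """
    number, _, pre = version.partition("-")
    parts = tuple(int(p) for p in number.split("."))
    parts += (0,) * (3 - len(parts))          # 2.4 == 2.4.0
    if not pre:
        return parts + (1, ())                 # final release ranks above any pre-release
    tokens = tuple(int(t) if t.isdigit() else t.lower()
                   for t in re.findall(r"\d+|[A-Za-z]+", pre))
    return parts + (0, tokens)


def is_affected(version, ranges):
    """True if version falls inside any [introduced, fixed) range."""
    key = parse_version(version)
    return any(parse_version(lo) <= key < parse_version(hi) for lo, hi in ranges)


def parse_dependency_list(text):
    """Extract (group, artifact, version) from `mvn dependency:list` style lines.

    Lines look like '[INFO]    group:artifact:type:version:scope'; anything
    that does not split into at least five colon-separated fields is skipped.
    """
    deps = []
    for line in text.splitlines():
        fields = line.replace("[INFO]", "").strip().split(":")
        if len(fields) < 5:
            continue
        # A classifier may sit between type and version, so read version from the end.
        deps.append((fields[0], fields[1], fields[-2]))
    return deps


def scan(dependencies):
    """Return (coordinate, advisory) pairs for every dependency in an affected range."""
    findings = []
    for group, artifact, version in dependencies:
        for advisory, ranges in ADVISORIES.get((group, artifact), []):
            if is_affected(version, ranges):
                findings.append((f"{group}:{artifact}:{version}", advisory))
    return findings


# Constructed sample input, not output from any real build.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.15.0:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.12.2:test
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.0-beta9:test
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.0:compile
"""

if __name__ == "__main__":
    for coordinate, advisory in scan(parse_dependency_list(SAMPLE_DEPENDENCY_LIST)):
        print(f"{advisory}: {coordinate}")
```

Two details carry the weight here: the version key, which keeps a pre-release like 2.0-beta9 inside the affected range instead of mis-sorting it above 2.0, and the half-open ranges, which let 2.12.2 (the Java 7 backport fix) pass while 2.14.1 and 2.15.0 are flagged. A production scanner would pull ranges from a maintained advisory feed rather than a hand-written table, and the ranges above should be checked against the current Apache advisory before reuse.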

Problem solver. The breachability of systems and the continuing rise in ransomware attacks mean that application security vulnerabilities will remain a concern. Hanley said the repair is a “pretty important kind of cleanup duty that we’re all dependent on,” one likely to expose problems that developers and other IT professionals aren’t even aware of.

“That will be part of repairing, if you will, some of the damage that we don’t know that we have—or the exposure that we don’t know that we have—whether that takes the form of more precise tactical fixes, or whether it takes the form of learning how to rewrite pieces of software and refactor them,” Hanley said. “This is a really, really, really big problem.”
