425 points sfarshid | 1 comments
ofjcihen ◴[] No.45009836[source]
As a security professional who makes most of my money from helping companies recover from vibe-coded tragedies, this puts Looney Tunes-style dollar signs in my eyes.

Please continue.

replies(4): >>45009849 #>>45011422 #>>45011729 #>>45015658 #
torginus ◴[] No.45011729[source]
Since the entire concept of Vibe Coding has existed for a grand total of 5 months, how do companies reach the level of saturation with vibe coding that it's not only prevalent, but it makes sense to specialize in helping them recover from it?
replies(4): >>45011936 #>>45013475 #>>45013677 #>>45013889 #
1. thyristan ◴[] No.45013677[source]
It only takes one tiny vibe-coded insecure extension to a pre-existing codebase (that might have been good secure code) to turn the whole thing into a catastrophe.

It's basically the same as in other parts of IT security: It only takes one lost root password, one exploited software/device/oversight, one slip, to let an attacker in (yes, defense-in-depth architecture might help, but nonetheless, every long exploit-chain starts with the first tiny crack in the armor).