nobody confident in their own abilities is panicking
-
-
@Viss Panic! At the Infosec?
-
nobody confident in their own abilities is panicking
https://www.theregister.com/2026/02/23/claude_code_security_panic/?td=rt-3a
the people who are panicking are signaling.
@Viss getting supremely annoyed at that headline and how much bullshit it's carrying
-
if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
Don't hold back Viss. Tell us how you really feel.
But seriously, to the point of the original article, yeah, no.
If I'm being very generous and allow that a "spicy linter" might be a halfway decent SAST (static application security testing) tool, that best case scenario would still be overwhelmed by the new and interesting security bugs introduced by their code generating brethren, "spicy autocomplete."
Full agree with Viss on the main point about folks with deep technical view.
-
nobody confident in their own abilities is panicking
https://www.theregister.com/2026/02/23/claude_code_security_panic/?td=rt-3a
the people who are panicking are signaling.
@Viss on but I will panic, just not for the reasons they think.
-
nobody confident in their own abilities is panicking
https://www.theregister.com/2026/02/23/claude_code_security_panic/?td=rt-3a
the people who are panicking are signaling.
@Viss the people who might be panicking for good reason are software maintainers at companies where thes agents are going to be given free range to fix usually inconsequential yellow flags by inserting reams of unreviewed code.
-
nobody confident in their own abilities is panicking
https://www.theregister.com/2026/02/23/claude_code_security_panic/?td=rt-3a
the people who are panicking are signaling.
-
@Viss the people who might be panicking for good reason are software maintainers at companies where thes agents are going to be given free range to fix usually inconsequential yellow flags by inserting reams of unreviewed code.
@kevingranade then the leadership of those companies are going to suffer quite largely when all their engieers quit, and their product catches fire, and all their customers leave.
-
@shafik there will be, at some point, enough people willing to deal with the pain of moving off ancient stuff like that. it may suck at first, but it will basically have to happen at some point because nobody is exactly teaching fortran and cobol these days, so soon as those engineers age out, the shit becomes egyptian heiroglyphs
-
@cR0w @Viss @da_667 I've had that convo!
"We don't have resources to do it safely" is such a strange take for an organization that exists in the real world.
Timelines suck, vendors are charming, shareholders have crazy requests. It's a terrible cycle.
But cheating the cycle is lazy and just erodes the efforts of others.
@jackryder @Viss @da_667 Part of the problem is how many stakeholders are involved with every decision, including upstream and unaffiliated with your own org. It's maddening and difficult since it's gotten so out of hand.
-
@shafik there will be, at some point, enough people willing to deal with the pain of moving off ancient stuff like that. it may suck at first, but it will basically have to happen at some point because nobody is exactly teaching fortran and cobol these days, so soon as those engineers age out, the shit becomes egyptian heiroglyphs
It is basically already like that, I think Vernor Vinge got it right. If we are still around ages from now it will be layers and layers of legacy code no one understands all the way down.
It is a very interesting thought process for someone who is in the depths of software development in big tech to really plan out what such a long term migration would look like just for one company. Once you get it, it is very humbling to realize how hard it really is.
-
J jwcph@helvede.net shared this topic
I chime in with a "Haven't you people ever heard of commenting your goddamn code? No..."
