This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
That seems like it wouldn’t work very well except maybe for small programs. The kinds of bugs they’re trying to catch and prevent here may need substantial changes to the program’s design in order to prevent. Like, the borrow checker literally does not exist in C, and it is not a thing people thought about when writing asynchronous C code. Maybe the AI will take a shortcut and write a bunch of unsafe Rust code, but in that case what’s the point?