• qqq@lemmy.world · 4 up, 12 down · 18 hours ago

    Not a big fan of the wording here. Plenty of skilled programmers make dumb mistakes. There should always be systems in place to ensure these dumb mistakes don’t make it to production. Especially when related to sensitive information. Where was the threat model and the system in place to enforce it? The idea that these problems are caused by “shit programmers” misses the real issue: there was either no system or an insufficient system to test features and define security requirements.

    • rozodru@lemmy.world · 12 up · 17 hours ago

      I can tell you exactly what happened. “Hey Claude, I need to configure and set up a DB with Firebase to store images from our application.” And then they promptly hit shift+tab and went to go browse Reddit.

      Nothing was tested. Nothing was verified. They let the AI do its thing and checked in on it after an hour or so. Once it was done it was add all, commit -m “done”, push origin master. AI doesn’t implement security stuff. There was zero security here.

      • qqq@lemmy.world · 2 up · 6 hours ago

        I have found the exact same type of bug shown here probably over a dozen times, most of those long before AI was writing code.

      • floofloof@lemmy.ca · 4 up, 2 down · 16 hours ago

        I found someone who hasn’t yet made their big dumb mistake. Give it time.

          • deadbeef79000@lemmy.nz · 3 up, 1 down · 6 hours ago

            You’ve probably already made your Big Dumb Mistake, it just hasn’t been triggered yet.

            Or, you just weren’t there any more when it triggered.