
It doesn't seem possible to implement that in a language agnostic way. How do you propose doing such a thing?



Very simple: implement language-specific static analysis backends and a general frontend and vuln management.

Just like every Linux distribution distributes packages and manages security in a language-agnostic way. Nothing new.

Amazing how people here dismissed my point by downvoting and providing no reasoning.
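The split described in the comment above (language-specific backends, one general frontend) can be sketched as an added example; this is not code from the thread or from any project under discussion. The backend is assumed to emit its call graph in a shared JSON shape, and the frontend only consumes that graph plus a vulnerability database keyed by package and symbol, so it never needs to understand the source language. The graph, package names and advisory IDs are constructed placeholders.

```python
"""Language-agnostic vulnerability reachability over backend-emitted call graphs.

Added illustration (not from the thread): each language-specific backend
emits its call graph in one shared JSON shape; the frontend never looks at
source code, only at the graph plus a vuln database keyed by package/symbol.
The graph, the package names and the advisory IDs below are constructed.
"""
import json
from collections import deque

# Constructed call graph as a backend might emit it. Node IDs are
# "package:function"; edges are caller -> callee.
BACKEND_OUTPUT = json.dumps({
    "language": "go",               # informational only for the frontend
    "entry_points": ["app:main"],
    "edges": [
        ["app:main", "app:handleUpload"],
        ["app:handleUpload", "thirdparty/archive:Extract"],
        ["app:main", "thirdparty/log:Info"],
        ["thirdparty/archive:Extract", "thirdparty/archive:readHeader"],
        ["thirdparty/archive:Unused", "thirdparty/archive:readHeader"],
    ],
})

# Constructed vuln database: advisory -> affected symbols (placeholder IDs).
VULN_DB = {
    "EXAMPLE-VULN-0001": {"thirdparty/archive:readHeader"},
    "EXAMPLE-VULN-0002": {"thirdparty/archive:Unused"},
    "EXAMPLE-VULN-0003": {"thirdparty/log:Debug"},
}


def load_graph(raw):
    """Parse backend JSON into an adjacency dict and the entry-point set."""
    data = json.loads(raw)
    adj = {}
    for caller, callee in data["edges"]:
        adj.setdefault(caller, set()).add(callee)
        adj.setdefault(callee, set())
    return adj, set(data["entry_points"])


def reachable_symbols(adj, entries):
    """BFS from the entry points; returns every symbol that can be reached."""
    seen = set(entries)
    queue = deque(entries)
    while queue:
        node = queue.popleft()
        for callee in adj.get(node, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def triage(raw, vuln_db):
    """Return {advisory: reachable(bool)} for every advisory whose symbols
    appear in the graph; advisories touching no present symbol are omitted
    because there is nothing to report."""
    adj, entries = load_graph(raw)
    reached = reachable_symbols(adj, entries)
    result = {}
    for advisory, symbols in vuln_db.items():
        present = symbols & adj.keys()
        if not present:
            continue
        result[advisory] = bool(present & reached)
    return result


if __name__ == "__main__":
    for advisory, hit in sorted(triage(BACKEND_OUTPUT, VULN_DB).items()):
        print(f"{advisory}: {'REACHABLE' if hit else 'imported but not called'}")
```

The point of the split is visible in `triage`: the only language-specific knowledge is the node naming convention agreed between backend and frontend, and an advisory whose symbol is present but unreachable is reported differently from one on a live call path, which is the "particular subset of functionality" distinction discussed further down the thread.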


> language-specific static backends

I guess it sounded like you meant a general solution that wasn’t language specific. I’m still not sure if there’s an abstraction you could use to make language aspects marked as vulnerable - the semantics between languages are just so varied.

Anyway we need the language specific ones first.


> Anyway we need the language specific ones first.

No, we have had language-agnostic vuln management for decades, and a good tool could fall back to the traditional method when a language-specific backend is not available.


I mean language agnostic vuln management that’s capable of marking a particular subset of functionality as vulnerable like this is.


Let's train a neural network to take source code in an arbitrary language as input, and produce a call graph as output. What could go wrong?


Side-note: how do you make a nn output a graph topology? I'm having a hard time imagining how to make a matrix represent that.


Graph Neural Networks! https://distill.pub/2021/gnn-intro/

In a nutshell, you perform NN operations on the nodes and edges of the graph and then send updates across the graph
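The "operations on nodes and edges, then updates across the graph" idea, and the earlier question of how a matrix can represent a graph topology, as an added example that is not from the thread or the linked Distill article. A directed graph is stored as an adjacency matrix A (A[i][j] = 1 when node i calls node j) alongside a feature matrix H with one row per node; one message-passing layer computes H' = relu(H W_self + A H W_nbr), so each node combines its own features with the summed features of its callees. The graph, features and weights are all constructed, and identity weights are used so the arithmetic stays inspectable.

```python
"""One message-passing layer of a graph neural network on a small call graph.

Added illustration, not from the thread or the linked article. The graph is
held as an adjacency matrix A and a per-node feature matrix H; a layer
computes H' = relu(H @ W_self + A @ H @ W_nbr). Everything below is constructed.
"""

NODES = ["main", "handleUpload", "archive.Extract", "readHeader"]
# Directed edges caller -> callee (indices into NODES); constructed.
EDGES = [(0, 1), (1, 2), (2, 3)]


def adjacency(n, edges):
    """Dense adjacency matrix: A[i][j] = 1.0 if i -> j, else 0.0."""
    a = [[0.0] * n for _ in range(n)]
    for i, j in edges:
        a[i][j] = 1.0
    return a


def matmul(x, y):
    """Plain list-of-lists matrix product (no numpy dependency)."""
    rows, inner, cols = len(x), len(y), len(y[0])
    return [[sum(x[r][k] * y[k][c] for k in range(inner)) for c in range(cols)]
            for r in range(rows)]


def relu(m):
    return [[v if v > 0 else 0.0 for v in row] for row in m]


def message_passing_layer(a, h, w_self, w_nbr):
    """H' = relu(H W_self + A H W_nbr): a self-transform plus the summed
    messages from each node's callees (sum aggregation)."""
    own = matmul(h, w_self)
    msgs = matmul(matmul(a, h), w_nbr)
    return relu([[own[i][j] + msgs[i][j] for j in range(len(own[0]))]
                 for i in range(len(own))])


def run(layers=2):
    """Propagate a single 'known vulnerable' feature from readHeader back
    along call edges. Each node's feature vector is [is_vulnerable]; identity
    weights mean every layer adds the callees' current values to a node's own."""
    n = len(NODES)
    a = adjacency(n, EDGES)
    h = [[0.0] for _ in range(n)]
    h[3][0] = 1.0                       # readHeader carries the vuln feature
    ident = [[1.0]]                     # 1x1 identity weight matrices
    for _ in range(layers):
        h = message_passing_layer(a, h, ident, ident)
    return {NODES[i]: h[i][0] for i in range(n)}


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value}")
```

Each layer moves information one hop along the edges, so after two layers `main` still reads 0.0 while `handleUpload` has received the feature; a third layer reaches `main`. In a real GNN the weight matrices are learned and the feature vectors are wider, but the graph-to-matrix encoding is the same.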


And then clamp the output to generate vulnerabilities? Could be worth a shot.



