Quote:
Originally Posted by Quoth
[...]
Also comparing regular software, FOSS or not to AI trustworthiness is an insult to programmers. [...]
|
You were questioning supply-chain trust issues (Google vs outsourced), which is what I was responding to. The trust issue with that has little to do with the programmers involved, open or closed, conventional or AI.
Still, it is worth looking at our programmers. Let me get a mirror... nope, I wouldn't trust him either.
Being well intentioned does not make a programmer an expert in security. Being open-source makes code available for review but does not guarantee that any review takes place. Being closed source doesn't ensure that resources will be allocated to review code. There are many examples of bugs showing up after decades. I've found decades-old bugs in my own code! Such examples prove that review has not been comprehensive, and my experience suggests it has been very selective indeed. Given that, do you really think that being open source is a guarantee against supply-chain attacks such as the Solar Winds debacle? The layers of vulnerability in any major conventional software project, open or closed source, boggle the mind!
And that's all with largely deterministic conventional code. Now take a look at AI and despair. Well, I would. But no, there are many intrepid people out there carefully studying AI systems and trying to understand how to understand them. People like this are probing the trustworthiness of both conventional and AI systems. It's not an insult, it's just accepting the reality.