Acknowledge AI-generated code may get better, but not perfect

david-a-wheeler · david-a-wheeler · commit 0bf74b3392ca · 2025-05-22T21:58:58.000-04:00
Some readers may say "well, those citations are more than a year
ago, so that can't apply". So state that yes, things will probably
get better, but they won't become perfect, so the point will still
stand.

Signed-off-by: David A. Wheeler &lt;dwheeler@dwheeler.com&gt;
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -5463,6 +5463,8 @@ less secure code, but were more likely to believe their code was secure
 [Perry2022](https://arxiv.org/abs/2211.03622).
 Another found 35.8% of code snippets contained vulnerabilities
 [Fu2023](https://arxiv.org/abs/2310.02059).
+AI-generated code will probably get better over time,
+but perfection is unlikely.
 Even worse, LLM systems often hallucinate package names that don't exist.
 Attackers can then perform *slopsquatting*, that is,
 they create malicious packages with those LLM-hallucinated fake names
