I also made a list of tips on writing code with AI, with a special focus on security. Others may find the tips useful. Here they are:
https://openssf.org/blog/2026/01/05/ai-software-development-...
Readit Newsdwheeler commented on How to effectively write quality code with AI heidenstedt.org/posts/202... · Posted by u/i5heu
dwheeler commented on MongoBleed Explained Simply bigdata.2minutestreaming.... · Posted by u/todsacerdoti
This has many similarities to the Heartbleed vulnerability: it involves trusting lengths from an attacker, leading to unauthorized revelation of data.
dwheeler commented on In Defense of Matlab Code runmat.org/blog/in-defens... · Posted by u/finbarr1987
Many people use Octave https://octave.org/ which is compatible (generally) with Matlab, supports this simple syntax, and is open source software. Indeed, I've taken at least one class where the instructor asked people use Octave for these kinds of calculations.
dwheeler commented on HipKittens: Fast and furious AMD kernels hazyresearch.stanford.edu... · Posted by u/dataminer
If your competitor has a 5-year lead, and is working as hard as you are, or harder, then you are not gonna catch up any time soon. Also yes networking.
That's only true if future improvements are easy to create as past ones, that customers care as much about those improvements, and there are no other differentiators.
For example, many companies do well by selling a less capable but more affordable and available product.
dwheeler commented on I think nobody wants AI in Firefox, Mozilla manualdousuario.net/en/mo... · Posted by u/rpgbr
I love having built-in local natural language translation implemented by AI, which Firefox provides. Local models have different properties than remote properties, and natural language translation is a useful thing. AI should be added when it solves a real need, and the risks can be minimized (or at least controlled). The goal shouldn't be to use AI, the goal should be to solve problems for humans.
The Linux Foundation's Open Source Security Foundation (OpenSSF) has released a free online course "Secure AI/ML-Driven Software Development (LFEL1012)". It discusses protecting your software development environment, creating more secure software, and reviewing changes.
As someone who uses AI for coding, emails, design documents, and so on...
I'm always a bit confused by the "training" rhetoric. It's the easiest thing to use. Do people need training to use a calculator?
This isn't like using Excel effectively and learning all the features, functions and so on.
Maybe I overestimate my ability as a technically savvy person to leverage AI tools, but I was just as good at using on day 1 than 2 years later.
Yes, you need training if you want something good instead of slop. For example, when asked to write functions that can be secure or insecure, 45% of the time they'll do it the insecure way, and this has been stable for years. We in the OpenSSF are going to release a free course "Secure AI/ML-Driven Software Development (LFEL1012)". Expected release date is October 16. It will be here: https://training.linuxfoundation.org/express-learning/secure...
Fill in this form to receive an email notification when the course is available: https://docs.google.com/forms/d/e/1FAIpQLSfWW8M6PwOM62VHgc-Y...
Summarizes what's happened in the Open Source Security Foundation (OpenSSF) since its founding five years ago.