Shostack + Friends Blog

GPT-3

Text captured from GPT-3

On the OWASP Slack, DS posted:

Chatgpt can create entire STRIDE libraries. Just a sample of spoofing threats for a backend to backend service in kubernetes. I did this with all other type of threats.Also, created a library for client side threats in a similar fashion. Saved hours of work 😅 May not be perfect, but that’s why you need a human layer to it to make right decisions ;)

Andrew Feeney:

@webber described ChatGPT as Mansplaining As A Service, and honestly I can't think of a better description. A service that instantly generates vaguely plausible sounding yet totally fabricated and baseless lectures at an instant with unflagging confidence in it's own correctness on any topic, without concern, regard or awareness even of the level of expertise of it's audience.

* Most threats are simpleMost threats are simple * surprise * reason by analogy * habituation * * Great TM vs run of the mill TM * book https://www.linkedin.com/pulse/uncertain-futures-using-chatgpt-generate-risk-fair-inputs-whitsitt/

Originally published by Adam on 09 Dec 2022
Categories: economics software engineering chatgpt

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.