‘AI-Powered Remediation’: GitHub Now Offers ‘Copilot Autofix’ Suggestions for Code Vulnerabilities
The feature became available Wednesday as part of the GitHub Advanced Security (or GHAS) service:
“Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found,” GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings.
Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects.
During the public beta, which began in March, GitHub found that developers using Copilot Autofix were fixing code vulnerabilities more than three times faster than those doing it manually, demonstrating how AI agents such as Copilot Autofix can radically simplify and accelerate software development.
“Since implementing Copilot Autofix, we’ve observed a 60% reduction in the time spent on security-related code reviews,” says one principal engineer quoted in GitHub’s announcement, “and a 25% increase in overall development productivity.”
The announcement also notes that Copilot Autofix “leverages the CodeQL engine, GPT-4o, and a combination of heuristics and GitHub Copilot APIs.”
Code scanning tools detect vulnerabilities, but they don’t address the fundamental problem: remediation takes security expertise and time, two valuable resources in critically short supply. In other words, finding vulnerabilities isn’t the problem. Fixing them is…
Developers can keep new vulnerabilities out of their code with Copilot Autofix in the pull request, and now also pay down the backlog of security debt by generating fixes for existing vulnerabilities… Fixes can be generated for dozens of classes of code vulnerabilities, such as SQL injection and cross-site scripting, which developers can dismiss, edit, or commit in their pull request…. For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security team at your fingertips while you review code…
As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone. We firmly believe that it’s highly important to be both a responsible consumer of open source software and contributor back to it, which is why open source maintainers can already take advantage of GitHub’s code scanning, secret scanning, dependency management, and private vulnerability reporting tools at no cost. Starting in September, we’re thrilled to add Copilot Autofix in pull requests to this list and offer it for free to all open source projects…
While responsibility for software security continues to rest on the shoulders of developers, we believe that AI agents can help relieve much of the burden…. With Copilot Autofix, we are one step closer to our vision where a vulnerability found means a vulnerability fixed.
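The announcement names SQL injection and cross-site scripting as two of the vulnerability classes Copilot Autofix can generate fixes for. The following is an added example, not GitHub's code and not actual Autofix output: for each class it shows the vulnerable pattern that CodeQL's code scanning would flag beside the kind of fix a reviewer should expect in the pull-request suggestion, and a small harness that checks both that the fix closes the hole and that it preserves behaviour for legitimate input. The function names, the in-memory SQLite table and the payloads are all constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample data for the demo (not from the page).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 1), ("bob", "bob@example.com", 0)],
    )
    return conn

# BEFORE: user-controlled `name` is concatenated into the query string.
# This is the taint flow a SQL injection query reports: an attacker can
# close the string literal and append their own SQL.
def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

# AFTER: the shape of fix to expect: a parameterized query, so the driver
# sends `name` as data and it can never change the statement's structure.
def find_user_fixed(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()

# BEFORE: reflected XSS: untrusted input is interpolated into HTML unescaped.
def greeting_vulnerable(name: str) -> str:
    return "<p>Hello, " + name + "</p>"

# AFTER: HTML-escape untrusted input (including quotes) before it lands in markup.
def greeting_fixed(name: str) -> str:
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def demo() -> dict:
    """Exercise both versions with an attack payload and a legitimate input."""
    conn = make_db()
    sqli_payload = "x' OR '1'='1"          # classic tautology injection
    xss_payload = "<script>alert(1)</script>"
    return {
        # injection dumps every row from the vulnerable query, none from the fixed one
        "vuln_rows": len(find_user_vulnerable(conn, sqli_payload)),
        "fixed_rows": len(find_user_fixed(conn, sqli_payload)),
        # the fix must still find a real user: this is the regression check a
        # reviewer should run before committing an Autofix suggestion
        "alice_rows_fixed": len(find_user_fixed(conn, "alice")),
        "vuln_html": greeting_vulnerable(xss_payload),
        "fixed_html": greeting_fixed(xss_payload),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

When an Autofix suggestion arrives in a pull request, the thing to verify is that it removes the tainted sink (string concatenation into the query, raw interpolation into markup) rather than merely filtering the input, and that existing tests still pass; the `alice_rows_fixed` check above is the minimal form of that regression test.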
Read more of this story at Slashdot.
Refueling Hydrogen Cars in California is So Annoying, Drivers are Suing Toyota
He soon learned that hydrogen refueling stations are scarce and reliably unreliable. He learned that apps to identify broken stations hand out bad information. He learned that the state of California, which is funding the station buildout, is far behind schedule — 200 stations were supposed to be up and running by 2025, but only 54 exist. And since Kiskis bought his car, the price of hydrogen has more than doubled, currently the equivalent of $15 a gallon of gasoline.
With fueling so expensive and stations so undependable, Kiskis — who lives in Pacific Palisades and works at Google in Playa Vista — drives a gasoline Jeep for everything but short trips around the neighborhood. “I’ve got a great car that sits in the driveway,” he said. Bryan Caluwe can relate. The retired Santa Monican bought a Mirai in 2022. He likes his car too. “But it’s been a total inconvenience.” Hydrogen stations “are either down for mechanical reasons, or they’re out of fuel, or, in the case of Shell, they’ve rolled up the carpet and gone home.” And don’t get Irving Alden started. He runs a commercial print shop in North Hollywood. He leases a Mirai. He too loves the car. But the refueling system? “It’s a frickin’ joke.”
The three are part of a class action lawsuit filed in July against Toyota. They claim that Toyota salespeople misled them about the sorry state of California’s hydrogen refueling system. “They were told the stations were convenient and readily available,” said lawyer Nilofar Nouri of Beverly Hills Trial Attorneys. “That turned out to be far from reality.” The class action now amounts to two dozen plaintiffs and growing, Nouri said. “We have thousands of these individuals in California who are stuck with this vehicle.” Kiskis believes Toyota sales staff duped him — but says, “I’m just as irritated with the state of California” for poor oversight of the program it’s funding…
Hyundai also sells a fuel cell car in California called the Nexo, and although the suit is aimed only at Toyota, the hydrogen station situation affects Hyundai too.
Toyota told The Times it’s “committed to customer satisfaction and will continue to evaluate how we can best support our customers. We will respond to the allegations in this lawsuit in the appropriate forum.”
The article does note that the California Energy Commission awarded an extra $9.4 million to hydrogen station operators this year to cover “operations and maintenance” — and that hydrogen cars have their advantages. “The full tank range is 350 to 400 miles. A fill-up usually takes no more than five or 10 minutes.
“But unlike electric vehicles, you can’t fill up at home. You have to travel to a dedicated fueling station….”
Ask Slashdot: What Network-Attached Storage Setup Do You Use?
But they could use some good advice:
We’ve got a couple separate disks available as local backup storage, and my own data also gets occasionally copied to encrypted storage at BackBlaze. My daughter has her own “cloud” backups, which seem to be a manual push every once in a while of random files/folders she thinks are important. Including our media library, between my stuff, my daughter’s, and my wife’s… we’re probably talking in the neighborhood of 10 TB for everything at present. The whole setup is obviously cobbled together, and the process is very manual. Plus it’s annoying since I’m handling Mac, Linux, and Windows backups completely differently (and sub-optimally). Also, unsurprisingly, the amount of data we possess does seem to be increasing with time.
I’ve been considering biting the bullet and buying an NAS [network-attached storage device], and redesigning the entire process — both local and remote. I’m familiar with Synology and DSM from work, and the DS1522+ looks appealing. I’ve also come across a lot of recommendations for QNAP’s devices, though. I’m comfortable tackling this on my own, but I’d like to throw this out to the Slashdot community.
What NAS do you like for home use? And what disks did you put in it? What have your experiences been?
Long-time Slashdot reader AmiMoJo asks “Have you considered just building one?” while suggesting the cheapest option is low-powered Chinese motherboards with soldered-in CPUs. And in the comments on the original submission, other Slashdot readers shared their examples:
destined2fail1990 used an AMD Threadripper to build their own NAS with 10Gbps network connectivity. DesertNomad is using “an ancient D-Link” to connect two Synology DS220 DiskStations. Darth Technoid attached six Seagate drives to two MacBooks: “Basically, I found a way to make my older Mac useful by simply leaving it on all the time, with the external drives attached.”
But what’s your suggestion? Share your own thoughts and experiences. What NAS do you like for home use? What disks would you put in it?
And what have your experiences been?
Dubai Court Recognizes Crypto As a Valid Salary Payment
In 2023, the court acknowledged the inclusion of the EcoWatts tokens in the contract. Still, it did not enforce the payment in crypto, as the employee failed to provide a clear method for valuing the currency in fiat terms. “This decision reflected a traditional viewpoint, emphasizing the need for concrete evidence when dealing with unconventional payment forms,” Heaver said. However, the lawyer said that in 2024, the court “took a step forward,” ruling in favor of the employee and ordering the payment of the crypto salary as per the employment contract without converting it into fiat. Heaver added that the court’s reliance on the UAE Civil Transactions Law and Federal Decree-Law No. 33 of 2021 in both judgments shows the consistent application of legal principles in wage determination.
US Fines T-Mobile $60 Million, Its Largest Penalty Ever, Over Unauthorized Data Access
National Public Data Confirms Breach Exposing Social Security Numbers
In the statement disclosing the security incident, National Public Data says that “the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).” The company acknowledges the “leaks of certain data in April 2024 and summer 2024” and believes the breach is associated with a threat actor “that was trying to hack into data in late December 2023.” NPD says they investigated the incident, cooperated with law enforcement, and reviewed the potentially affected records. If significant developments occur, the company “will try to notify” the impacted individuals.