It's strange that he shows the graphs with the age of vulnerabilities going up without any real commentary on it (except to say that it's an argument that the number of bugs is not close to zero). I'm not so sure—I think a deeper analysis needs to be done that accounts for the fact that the project itself is aging and also accounts for code churn.
For example, if bugs were introduced and detected via a mostly uniformly random process, but most of the code was written in the early part of the project's lifecycle, then you would expect the age of bugs to go up over time (since there is less young code). Even if the code addition rate was constant, if developers were producing fewer bugs over time, then the age of the bugs would increase, since older code would be buggier.
> If we assume that we fix bugs faster than we introduce new ones and we assume that the AI tools can improve further, the question is then more how much more they can improve and for how long that improvement can go on.
Why would we assume this? Historically it's obviously inaccurate since the world began with 0 software bugs.
It's strange that he shows the graphs with the age of vulnerabilities going up without any real commentary on it (except to say that it's an argument that the number of bugs is not close to zero). I'm not so sure—I think a deeper analysis needs to be done that accounts for the fact that the project itself is aging and also accounts for code churn.
For example, if bugs were introduced and detected via a mostly uniformly random process, but most of the code was written in the early part of the project's lifecycle, then you would expect the age of bugs to go up over time (since there is less young code). Even if the code addition rate was constant, if developers were producing fewer bugs over time, then the age of the bugs would increase, since older code would be buggier.
> If we assume that we fix bugs faster than we introduce new ones and we assume that the AI tools can improve further, the question is then more how much more they can improve and for how long that improvement can go on.
Why would we assume this? Historically it's obviously inaccurate since the world began with 0 software bugs.
There's another problem
Who guarantees that those AI fixes don't introduce new bugs?