This survey does not pertain to a specific vulnerability or attack vector that impacts system security directly. The information provided is about policies and practices regarding AI contributions, which may influence the quality and trustworthiness of codebases but does not constitute a direct threat.
The survey of 112 source-available projects reveals that while many accept AI contributions, some have explicit bans or policies. This includes low-level and high-level projects across various categories like programming languages, databases, web browsers, libraries, operating systems, applications, and infrastructure projects.
Affected Systems
- Bun
- CPython
- GCC
- Go
- Haskell
- Kotlin
- LLVM
- Node.js
Affected Versions: Various versions are mentioned but no specific version ranges or branches are provided in the survey.
Remediation
- Review the AI contribution policy of your project and ensure it aligns with organizational guidelines.
- Monitor contributions for compliance if an explicit policy is in place.
Stack Impact
The stack impact is related to software development practices and policies, not direct vulnerabilities. Projects like nginx, Docker, the Linux kernel, OpenSSH, curl, OpenSSL, Python, and homelab components may be indirectly affected by AI contribution policies, but no specific services or versions are impacted.