Vibe Coding Is the New Open Source–in the Worst Way Possible

Posted3 months agoActive3 months ago

FinnLobsien

4 points

3 comments

wired.comTechstory

skepticalnegative

Debate

20/100

Open SourceSoftware DevelopmentCoding Practices

Key topics

Open Source

Software Development

Coding Practices

The article argues that 'Vibe Coding' has become a problematic trend in software development, similar to how open source was misused, and HN commenters discuss the implications and potential consequences.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

11m

Peak period

1-2h

Avg / period

1.5

Key moments

01Story posted
Oct 6, 2025 at 9:22 AM EDT
3 months ago
Step 01
02First comment
Oct 6, 2025 at 9:33 AM EDT
11m after posting
Step 02
03Peak activity
2 comments in 1-2h
Hottest window of the conversation
Step 03
04Latest activity
Oct 6, 2025 at 11:05 AM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (3 comments)

Showing 3 comments

FinnLobsienAuthor

3 months ago

1 reply

I thought this was an interesting article that gets a few things wrong. Obviously, shipping AI-coded stuff to prod will introduce security risks.

But I also think it's important to define what level of security is actually needed for some of these apps. Obviously if you're shipping a product to thousands of enterprise customers, security needs to be tight.

But I would equate it similar to food safety: Many common practices in home kitchens would get you fired immediately in a restaurant.

But home kitchens serve very few people, store less food and store it for less time. They also have fewer people working on them.

I think the same is true for websites and apps.

There's something to be said for the security your type of project needs vs. perfect security.

dtagames

3 months ago

1 reply

When I worked at IBM as a mainframe programmer in the 90's, the first lesson we were taught is, "There is no such thing as computer security, only the appearance of computer security. Usually, that is enough."

This true at the processor level because any "security" relies on the outcome of a single branch instruction in machine code. If all your security passed, we branch to the "let me in" code. If not, not. No matter how complicated your security is, it will all come down to a single branch instruction and a programmer who can affect the outcome of that branch will bypass any restrictions you put in place.

This is a fundamental truism of computer science, and the software we worked on at IBM did things like run ATMs. When was the last time you heard of someone hacking one of those to spit out bills? Usually, the appearance of computer security is enough.

FinnLobsienAuthor

3 months ago

That's true. Plus the question of how much security you actually need. I've interacted with many, many websites and apps that were horribly insecure (e.g. a hotel checkin tool that stored passport scans in a public firebase bucket...).

In the vast majority of cases, this doesn't actually matter (the passport thing of course is pretty bad). If someone found a vulnerability in a vibe-coded event calendar and hacked into it to change the timing of trivia at your local sports bar... who cares?

It's like home security. If you're not rich, famous or extremely unpopular, you should definitely lock your doors, but you probably don't need armed guards.

View full discussion on Hacker News

ID: 45491136Type: storyLast synced: 11/17/2025, 11:06:28 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN