Insecure Code

Insecure code generated by large language models (LLMs) is a significant concern in software development, prompting research focused on identifying and mitigating vulnerabilities. Current studies utilize various LLMs, including GPT-3.5, GPT-4, and Code Llama, to investigate the prevalence of insecure code generation, assessing their ability to both detect and repair vulnerabilities through techniques like iterative repair and trigger inversion. These findings are crucial for improving the security of software development processes and ensuring the reliable deployment of AI-assisted code generation tools.

Papers

November 13, 2024

Rethinking CyberSecEval: An LLM-Aided Approach to Evaluation Critique
Suhas Hariharan, Zainab Ali Majid, Jaime Raldua Veuthey, Jacob Haimes
Global Evaluation LLM Benchmark Meta Level Insecure Code

October 14, 2024

SecCodePLT: A Unified Platform for Evaluating the Security of Code GenAI
Yu Yang, Yuzhou Nie, Zhun Wang, Yuheng Tang, Wenbo Guo, Bo Li, Dawn Song
Security Related GenAI Integration Unified Library Dynamic Evaluation Insecure Code

August 20, 2024

How Well Do Large Language Models Serve as End-to-End Secure Code Producers?
Jianian Gong, Nachuan Duan, Ziheng Tao, Zhaohui Gong, Yuan Yuan, Minlie Huang
Code Generation Source Code Vulnerable Code Code Security Insecure Code

August 16, 2024

PatUntrack: Automated Generating Patch Examples for Issue Reports without Tracked Insecure Code
Ziyou Jiang, Lin Shi, Guowei Yang, Qing Wang
Bug Report Patch Generation Insecure Code Security Patch

August 8, 2024

Eliminating Backdoors in Neural Code Models via Trigger Inversion
Weisong Sun, Yuchen Chen, Chunrong Fang, Yebo Feng, Yuan Xiao, An Guo, Quanjun Zhang, Yang Liu, Baowen Xu, Zhenyu Chen
Backdoor Attack Backdoor Defense Backdoor Removal Neural Code Model Insecure Code Trigger Inversion

April 29, 2024

Do Neutral Prompts Produce Insecure Code? FormAI-v2 Dataset: Labelling Vulnerabilities in Code Generated by Large Language Models
Norbert Tihanyi, Tamas Bisztray, Mohamed Amine Ferrag, Ridhi Jain, Lucas C. Cordeiro
Large Language Model Code Generation Real World Code Billion Parameter Insecure Code

March 22, 2024

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers
Sivana Hamer, Marcelo d'Amorim, Laurie Williams
ChatGPT Generated Conversation Generative Artificial Intelligence Real World Code Security Vulnerability Stack Overflow Copy Paste Inherent Vulnerability SAfER Instruct Insecure Code

March 19, 2024

A Study of Vulnerability Repair in JavaScript Programs with Large Language Models
Tan Khang Le, Saba Alimadadi, Steven Y. Ko
Code Generation Study Feature Security Vulnerability Vulnerability Repair Insecure Code

November 1, 2023

SALLM: Security Assessment of Generated Code
Mohammed Latif Siddiq, Joanna C. S. Santos, Sajith Devareddy, Anna Muller
Code Generation Security Related Generate Quick LLM Generated Code Code Security Competitive Programming Insecure Code

December 3, 2021

Examining Zero-Shot Vulnerability Repair with Large Language Models
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt
Code Completion Vulnerability Repair Vulnerability Type Insecure Code