Assessing the Security of GitHub Copilot Generated Code - A Targeted Replication Study.
CoRR(2023)
Abstract
AI-powered code generation models have been developing rapidly, allowing
developers to expedite code generation and thus improve their productivity.
These models are trained on large corpora of code (primarily sourced from
public repositories), which may contain bugs and vulnerabilities. Several
concerns have been raised about the security of the code generated by these
models. Recent studies have investigated security issues in AI-powered code
generation tools such as GitHub Copilot and Amazon CodeWhisperer, revealing
several security weaknesses in the code generated by these tools. As these
tools evolve, it is expected that they will improve their security protocols to
prevent the suggestion of insecure code to developers. This paper replicates
the study of Pearce et al., which investigated security weaknesses in Copilot
and uncovered several weaknesses in the code suggested by Copilot across
diverse scenarios and languages (Python, C and Verilog). Our replication
examines Copilot security weaknesses using newer versions of Copilot and CodeQL
(the security analysis framework). The replication focused on the presence of
security vulnerabilities in Python code. Our results indicate that, with the
improvements in newer versions of Copilot, the percentage of vulnerable code
suggestions has decreased from 36.54% to 27.25%. Nonetheless, it remains
evident that the model still suggests insecure code.