I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding

Bibliographic details
Main author: Gasiba, T. E.
Publication date: 2023
Other authors: Oguzhan, K., Kessba, I., Lechner, U., Pinto-Albuquerque, M.
Language: eng
Source title: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10071/29201
Abstract: Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which is designed to raise software developers' awareness of secure coding guidelines. This game, which has proven to be very successful in industry, makes use of an artificial intelligence technique (the laddering technique) to implement a chatbot for human-machine interaction. Recent advances in machine learning led to a breakthrough with the implementation of ChatGPT by OpenAI. This algorithm has been trained on a large amount of data and is capable of analysing and interpreting not only natural language but also small code snippets containing source code in different programming languages. With the advent of ChatGPT, and given previous state-of-the-art research in secure software development, a natural question arises: to what extent can ChatGPT aid software developers in writing secure software? In this paper, we draw on our experience in industry, and also on extensive previous work, to analyse and reflect on how to use ChatGPT to aid secure software development. Towards this, we run a small experiment using five different vulnerable code snippets. Our interactions with ChatGPT allow us to draw conclusions on the advantages, disadvantages and limitations of the use of this new technology.
id RCAP_28a4caa61ad6162cee610ef79bc2c332
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/29201
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
dc.subject.por.fl_str_mv Serious games
IT-security
Machine learning
ChatGPT
Secure coding
Industry
Software development
Teaching
publishDate 2023
dc.date.none.fl_str_mv 2023-08-30T09:15:34Z
2023-01-01T00:00:00Z
2023
2023-08-30T10:12:28Z
dc.type.driver.fl_str_mv conference object
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
status_str publishedVersion
dc.relation.none.fl_str_mv 978-3-95977-290-7
2190-6807
10.4230/OASIcs.ICPEC.2023.2
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Schloss Dagstuhl -- Leibniz-Zentrum für Informatik
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833597379676209152