License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.ICPEC.2023.2
URN: urn:nbn:de:0030-drops-184986
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2023/18498/
Go to the corresponding OASIcs Volume Portal

Espinha Gasiba, Tiago ; Oguzhan, Kaan ; Kessba, Ibrahim ; Lechner, Ulrike ; Pinto-Albuquerque, Maria

I'm Sorry Dave, I'm Afraid I Can't Fix Your Code: On ChatGPT, CyberSecurity, and Secure Coding

pdf-format:
OASIcs-ICPEC-2023-2.pdf (0.5 MB)

Abstract

Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, which has been proven to be very successful in the industry, makes use of an artificial intelligence technique (laddering technique) to implement a chatbot for human-machine interaction.
Recent advances in machine learning led to a breakthrough, with the implementation of ChatGPT by OpenAI. This algorithm has been trained in a large amount of data and is capable of analysing and interpreting not only natural language, but also small code snippets containing source code in different programming languages. With the advent of ChatGPT, and previous state-of-the-art research in secure software development, a natural question arises: to which extent can ChatGPT aid software developers in writing secure software?.
In this paper, we draw on our experience in the industry, and also on extensive previous work to analyse and reflect on how to use ChatGPT to aid secure software development. Towards this, we run a small experiment using five different vulnerable code snippets. Our interactions with ChatGPT allow us to conclude on advantages, disadvantages and limitations of the usage of this new technology.

BibTeX - Entry

@InProceedings{espinhagasiba_et_al:OASIcs.ICPEC.2023.2,
  author =	{Espinha Gasiba, Tiago and Oguzhan, Kaan and Kessba, Ibrahim and Lechner, Ulrike and Pinto-Albuquerque, Maria},
  title =	{{I'm Sorry Dave, I'm Afraid I Can't Fix Your Code: On ChatGPT, CyberSecurity, and Secure Coding}},
  booktitle =	{4th International Computer Programming Education Conference (ICPEC 2023)},
  pages =	{2:1--2:12},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-290-7},
  ISSN =	{2190-6807},
  year =	{2023},
  volume =	{112},
  editor =	{Peixoto de Queir\'{o}s, Ricardo Alexandre and Teixeira Pinto, M\'{a}rio Paulo},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2023/18498},
  URN =		{urn:nbn:de:0030-drops-184986},
  doi =		{10.4230/OASIcs.ICPEC.2023.2},
  annote =	{Keywords: Serious Games, IT-Security, Machine Learning, ChatGPT, Secure Coding, Industry, Software Development, Teaching}
}

Keywords: Serious Games, IT-Security, Machine Learning, ChatGPT, Secure Coding, Industry, Software Development, Teaching
Collection: 4th International Computer Programming Education Conference (ICPEC 2023)
Issue Date: 2023
Date of publication: 09.08.2023

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI