Exportar Publicação
A publicação pode ser exportada nos seguintes formatos: referência da APA (American Psychological Association), referência do IEEE (Institute of Electrical and Electronics Engineers), BibTeX e RIS.
Gasiba, T. E., Oguzhan, K., Kessba, I., Lechner, U. & Pinto-Albuquerque, M. (2023). I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding. In Queirós, R. A. P. de, and Pinto, M. P. T. (Ed.), 4th International Computer Programming Education Conference (ICPEC 2023). Vila do Conde: Schloss Dagstuhl -- Leibniz-Zentrum für Informatik.
T. E. Gasiba et al., "I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding", in 4th Int. Computer Programming Education Conf. (ICPEC 2023), Queirós, R. A. P. de, and Pinto, M. P. T., Ed., Vila do Conde, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, 2023, vol. 112
@inproceedings{gasiba2023_1732222055575, author = "Gasiba, T. E. and Oguzhan, K. and Kessba, I. and Lechner, U. and Pinto-Albuquerque, M.", title = "I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding", booktitle = "4th International Computer Programming Education Conference (ICPEC 2023)", year = "2023", editor = "Queirós, R. A. P. de, and Pinto, M. P. T.", volume = "112", number = "", series = "", doi = "10.4230/OASIcs.ICPEC.2023.2", publisher = "Schloss Dagstuhl -- Leibniz-Zentrum für Informatik", address = "Vila do Conde", organization = "School of Media Arts and Design (ESMAD), P.Porto", url = "https://icpeconf.org/" }
TY - CPAPER TI - I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding T2 - 4th International Computer Programming Education Conference (ICPEC 2023) VL - 112 AU - Gasiba, T. E. AU - Oguzhan, K. AU - Kessba, I. AU - Lechner, U. AU - Pinto-Albuquerque, M. PY - 2023 DO - 10.4230/OASIcs.ICPEC.2023.2 CY - Vila do Conde UR - https://icpeconf.org/ AB - Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, which has been proven to be very successful in the industry, makes use of an artificial intelligence technique (laddering technique) to implement a chatbot for human-machine interaction. Recent advances in machine learning led to a breakthrough, with the implementation of ChatGPT by OpenAI. This algorithm has been trained in a large amount of data and is capable of analysing and interpreting not only natural language, but also small code snippets containing source code in different programming languages. With the advent of ChatGPT, and previous state-of-the-art research in secure software development, a natural question arises: to which extent can ChatGPT aid software developers in writing secure software?. In this paper, we draw on our experience in the industry, and also on extensive previous work to analyse and reflect on how to use ChatGPT to aid secure software development. Towards this, we run a small experiment using five different vulnerable code snippets. Our interactions with ChatGPT allow us to conclude on advantages, disadvantages and limitations of the usage of this new technology. ER -