Publicação em atas de evento científico
I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding
Tiago Espinha Gasiba (Gasiba, T. E.); Kaan Oguzhan (Oguzhan, K.); Ibrahim Kessba (Kessba, I.); Ulrike Lechner (Lechner, U.); Maria Pinto-Albuquerque (Pinto-Albuquerque, M.);
4th International Computer Programming Education Conference (ICPEC 2023)
Ano (publicação definitiva)
2023
Língua
Inglês
País
Portugal
Mais Informação
Web of Science®

Esta publicação não está indexada na Web of Science®

Scopus

N.º de citações: 2

(Última verificação: 2024-11-20 14:17)

Ver o registo na Scopus

Google Scholar

N.º de citações: 6

(Última verificação: 2024-11-22 02:40)

Ver o registo no Google Scholar

Abstract/Resumo
Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, which has been proven to be very successful in the industry, makes use of an artificial intelligence technique (laddering technique) to implement a chatbot for human-machine interaction. Recent advances in machine learning led to a breakthrough, with the implementation of ChatGPT by OpenAI. This algorithm has been trained in a large amount of data and is capable of analysing and interpreting not only natural language, but also small code snippets containing source code in different programming languages. With the advent of ChatGPT, and previous state-of-the-art research in secure software development, a natural question arises: to which extent can ChatGPT aid software developers in writing secure software?. In this paper, we draw on our experience in the industry, and also on extensive previous work to analyse and reflect on how to use ChatGPT to aid secure software development. Towards this, we run a small experiment using five different vulnerable code snippets. Our interactions with ChatGPT allow us to conclude on advantages, disadvantages and limitations of the usage of this new technology.
Agradecimentos/Acknowledgements
Maria Pinto-Albuquerque acknowledges and thanks the Instituto Universitário de Lisboa and ISTAR, for their support.
Palavras-chave
Serious games,IT-security,Machine learning,ChatGPT,Secure coding,Industry,Software development,Teaching
Prémios
Prémio para o melhor artigo
Registos de financiamentos
Referência de financiamento Entidade Financiadora
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia
Project LIONS dtec.bw
Projetos Relacionados

Esta publicação é um output do(s) seguinte(s) projeto(s):