View article

[PDF] from arxiv.org

Assessing the Security of GitHub Copilot Generated Code--A Targeted Replication Study

Authors

Vahid Majdinasab, Michael Joshua Bishop, Shawn Rasheed, Arghavan Moradidakhel, Amjed Tahir, Foutse Khomh

Publication date

2024

Journal

IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)

Description

AI-powered code generation models have been developing rapidly, allowing developers to expedite code generation and thus improve their productivity. These models are trained on large corpora of code (primarily sourced from public repositories), which may contain bugs and vulnerabilities. Several concerns have been raised about the security of the code generated by these models. Recent studies have investigated security issues in AI-powered code generation tools such as GitHub Copilot and Amazon Code Whisperer, revealing several security weaknesses in the code generated by these tools. As these tools evolve, it is expected that they will improve their security protocols to prevent the suggestion of insecure code to developers. This paper replicates the study of Pearce et al., which investigated security weaknesses in Copilot and uncovered several weaknesses in the code suggested by Copilot across …

Total citations

Cited by 4

20244

Scholar articles

Assessing the Security of GitHub Copilot's Generated Code-A Targeted Replication Study

V Majdinasab, MJ Bishop, S Rasheed, A Moradidakhel… - 2024 IEEE International Conference on Software …, 2024