all InfoSec news
Efficient Avoidance of Vulnerabilities in Auto-completed Smart Contract Code Using Vulnerability-constrained Decoding. (arXiv:2309.09826v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Auto-completing code enables developers to speed up coding significantly.
Recent advances in transformer-based large language model (LLM) technologies
have been applied to code synthesis. However, studies show that many of such
synthesized codes contain vulnerabilities. We propose a novel
vulnerability-constrained decoding approach to reduce the amount of vulnerable
code generated by such models. Using a small dataset of labeled vulnerable
lines of code, we fine-tune an LLM to include vulnerability labels when
generating code, acting as an embedded classifier. Then, …
auto code coding contract decoding developers language large large language model llm novel smart smart contract speed speed up studies synthesized technologies vulnerabilities vulnerability