all InfoSec news
Is GitHub's Copilot as Bad as Humans at Introducing Vulnerabilities in Code?. (arXiv:2204.04741v2 [cs.SE] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Several advances in deep learning have been successfully applied to the
software development process. Of recent interest is the use of neural language
models to build tools, such as Copilot, that assist in writing code. In this
paper we perform a comparative empirical analysis of Copilot-generated code
from a security perspective. The aim of this study is to determine if Copilot
is as bad as human developers - we investigate whether Copilot is just as
likely to introduce the same …
aim analysis bad build code copilot deep learning development development process generated github humans interest language language models perspective process security software software development study tools vulnerabilities writing