Chris Wysopal: From HAL to HALT: Thwarting Skynet's Siblings in the GenAI Coding Era (PDF, 24 pages)
#BHUSA BlackHatEvents

From HAL to HALT: Thwarting Skynet's Siblings in the GenAI Coding Era
Chris Wysopal, Co-founder & CTO, Veracode

About the speaker
United States Senate testimony, 19 May 1998. One of the first vulnerability researchers; member of the hacker think tank L0pht in the 1990s ("Improve the Security of Your Product by Breaking Into It"). Founded the @stake security research team and then Veracode to build security into the SDLC.

State of Software Security 2024: Addressing the Threat of Security Debt
[Chart: new flaws introduced by application age. Y-axis: 0% to 50%; x-axis: age of application in years, 1 to 10. Annotation: the honeymoon phase of applications, where fewer flaws are introduced.]

Let's add the exciting potential of large language models that can write code!

Developer GenAI use right now:
  Generating code
  Understanding code / code review
  Remediating defects
  Translating programming languages
  Creating and maintaining unit tests
  Writing documentation

Emerging dev uses for GenAI:
  Learning about the code base
  Searching for answers to avoid reinventing the wheel
  Reading log files to find a root cause
  Creating and running functional & non-functional tests
  Remediating security vulnerabilities

Training data set (a large corpus of data that includes open web content):
  Public GitHub repositories
  Open-source projects
  Documentation and comments
  Third-party code (license risk)
[Diagram labels: Large Language Models (ChatGPT, Bard); Code Generator; User Prompt -> Large Language Model -> User Result.]

41% of Copilot-produced code contains known security vulnerabilities.

Security implications of LLMs:
  Wuhan University study on AI code generators
  Stanford University study on AI code generators
  New York University study on GitHub Copilot
  Purdue University study on ChatGPT accuracy

36%: out of the 435 Copilot-generated code snippets found in repos, 36% contain security weaknesses, across 6 programming languages.

Developers using LLMs were m