Paying Down Security Debt in the Era of Generative AI (PDF, 24 pages)
State of Software Security: Addressing the Threat of Security Debt
Chris Wysopal, Chief Security Evangelist
World AI Summit 2024, October 10, 2024

United States Senate testimony, 19 May 1998
One of the first vulnerability researchers; member of the hacker think tank L0pht in the 1990s

Today we are finding software security flaws faster than we can fix them

Flaws accumulate faster than they're fixed

Our EU customers

Let's add the exciting potential of large language models that can write code!

Developer GenAI use right now
- Generating code
- Understanding code / code review
- Remediating defects
- Translating programming languages
- Creating and maintaining unit tests
- Writing documentation

Emerging dev uses for GenAI
- Learning about the code base
- Searching for answers to avoid reinventing the wheel
- Reading log files to find a root cause
- Creating and running functional and non-functional tests
- Remediating security vulnerabilities

Large Language Models used for coding
Training data set: a large corpus of data that includes open web content
- Public GitHub repositories
- Open-source projects
- Documentation and comments
- Third-party code (license risk)
Flow: training data set -> large language model (ChatGPT, Gemini) -> code generator -> user -> result
User prompt -> large language model

Security Implications of LLMs
41% of Copilot-produced code contains known security vulnerabilities.

Studies cited:
- Wuhan University study on AI code generators
- Stanford University study on AI code generators
- New York University study on GitHub Copilot
- Purdue University study on ChatGPT accuracy

36%: Out of the 435 Copilot-generated code snippets found in repos, 36% contain security weaknesses, across 6 programming languages.
Developers using LLMs were more likely to write insecure code. They were more confident their code was secure.
41%: Of 1689 generated programs, 41% of Copilot-produced programs conta