Result: Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.
Title:
Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.
Authors:
Pearce, Hammond¹ (AUTHOR) hammond.pearce@nyu.edu; Ahmad, Baleegh¹ (AUTHOR) ba1283@nyu.edu; Tan, Benjamin² (AUTHOR) benjamin.tan1@ucalgary.ca; Dolan-Gavitt, Brendan¹ (AUTHOR) brendang@nyu.edu; Karri, Ramesh¹ (AUTHOR) rkarri@nyu.edu
Source:
Communications of the ACM. Feb 2025, Vol. 68 Issue 2, p. 96-105. 10 p.
Database:
Business Source Premier
More Information
This research article seeks to exploit vulnerabilities in the use of GitHub Copilot for paired human-artificial intelligence code generation. The method uses MITRE's top 25 Common Weakness Enumeration (CWE) list to evaluate Copilot's performance in three areas: diversity of weakness, diversity of prompt, and diversity of domain. The discussion of the results includes an overview of threats to the validity of the results, including CWE and scenario inclusion and the reproducibility of the generated code.