Information (Sep 2024)

May the Source Be with You: On ChatGPT, Cybersecurity, and Secure Coding

  • Tiago Espinha Gasiba,
  • Andrei-Cristian Iosif,
  • Ibrahim Kessba,
  • Sathwik Amburi,
  • Ulrike Lechner,
  • Maria Pinto-Albuquerque

DOI
https://doi.org/10.3390/info15090572
Journal volume & issue
Vol. 15, no. 9
p. 572

Abstract

Read online

Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, proven to be very successful in the industry, makes use of an artificial intelligence technique (laddering technique) to implement a chatbot for human–machine interaction. Recent advances in machine learning have led to a breakthrough, with the implementation and release of large language models, now freely available to the public. Such models are trained on a large amount of data and are capable of analyzing and interpreting not only natural language but also source code in different programming languages. With the advent of ChatGPT, and previous state-of-the-art research in secure software development, a natural question arises: to what extent can ChatGPT aid software developers in writing secure software? In this work, we draw on our experience in the industry, and also on extensive previous work to analyze and reflect on how to use ChatGPT to aid secure software development. Towards this, we conduct two experiments with large language models. Our engagements with ChatGPT and our experience in the field allow us to draw conclusions on the advantages, disadvantages, and limitations of the usage of this new technology.

Keywords