Publication
May the source be with you: On ChatGPT, cybersecurity, and secure coding
| Abstract: | Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, proven to be very successful in the industry, makes use of an artificial intelligence technique (laddering technique) to implement a chatbot for human–machine interaction. Recent advances in machine learning have led to a breakthrough, with the implementation and release of large language models, now freely available to the public. Such models are trained on a large amount of data and are capable of analyzing and interpreting not only natural language but also source code in different programming languages. With the advent of ChatGPT, and previous state-of-the-art research in secure software development, a natural question arises: to what extent can ChatGPT aid software developers in writing secure software? In this work, we draw on our experience in the industry, and also on extensive previous work to analyze and reflect on how to use ChatGPT to aid secure software development. Towards this, we conduct two experiments with large language models. Our engagements with ChatGPT and our experience in the field allow us to draw conclusions on the advantages, disadvantages, and limitations of the usage of this new technology. |
|---|---|
| Main authors: | Gasiba, T. E. |
| Other authors: | Iosif, A.-C.; Kessba, I.; Amburi, S.; Lechner, U.; Pinto-Albuquerque, M. |
| Subject: | Education; Training; Secure coding; Industry; Cybersecurity; Capture the flag; Game analysis; CyberSecurity Challenges |
| Year: | 2024 |
| Country: | Portugal |
| Document type: | article |
| Access type: | open access |
| Associated institution: | ISCTE |
| Language: | English |
| Source: | Repositório ISCTE |
Related records
Design of secure coding challenges for cybersecurity education in the industry
by: Gasiba, Tiago
Published in: (2020)
Cybersecurity games for secure programming education in the industry: gameplay analysis
by: Gasiba, Tiago
Published in: (2020)
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
by: Gasiba, T.
Published in: (2020)
Cybersecurity awareness platform with virtual coach and automated challenge assessment
by: Gasiba, T.
Published in: (2020)
Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach
by: Gasiba, T.
Published in: (2020)
Raising security awareness using cybersecurity challenges in embedded programming courses
by: Gasiba, T. E.
Published in: (2021)
Automated Java challenges' security assessment for training in industry: Preliminary results
by: Casqueiro, L. A.
Published in: (2021)
I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, and secure coding
by: Gasiba, T. E.
Published in: (2023)
Drone Security Scoring System
by: Branco, Bruno José do Campo
Published in: (2024)
Cybersecurity challenges: Serious games for awareness training in industrial environments
by: Gasiba, T. E.
Published in: (2021)
The impact of cybersecurity on the regulatory legal framework for maritime security
by: Faria, Duarte Lynce de
Published in: (2020)
Information technologies and cyber security
by: Orvalho, Luísa
Published in: (2023)
Challenges and reflections in designing Cyber security curriculum
by: Pereira, Teresa
Published in: (2017)
Cybersecurity Planning Insight: CSCD (Cyber Security and Cyber Defense) Control: Framework For Strategic Direction and Governance
by: Hasan, Mahmudul
Published in: (2021)
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA
by: Mateus, Marco Alexandre Clemente
Published in: (2021)
Securing cyberspace : threats and challenges to NATO
by: Almeida, António Miguel Correia Semedo Neves
Published in: (2024)
Continuous industrial sector cybersecurity assessment paradigm proposed model of cybersecurity certification
by: Oliveira, Andre da Silva
Published in: (2022)
A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity Auditing
by: Antunes, Mário
Published in: (2022)
Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal
by: Antunes, Mário
Published in: (2021)
Cybersecurity culture in Portuguese organizations: An exploratory analysis
by: Cardoso, M. G. M. S.
Published in: (2017)
Evaluating cybersecurity attitudes and behaviors in Portuguese healthcare institutions
by: Nunes, Paulo
Published in: (2021)
Serious game for industrial cybersecurity: Experiential learning through code review
by: Iosif, A.
Published in: (2024)
Cybersecurity in supply chain systems: the Farm-to-Fork use case
by: Leligou, Helen C.
Published in: (2024)
NIST cybersecurity framework compliance: A generic model for dynamic assessment and predictive requirements
by: Teodoro, N
Published in: (2015)
Automation of system security vulnerabilities detection using open-source software
by: Seara, J.
Published in: (2024)
An integrated cybernetic awareness strategy to assess cybersecurity attitudes and behaviours in school context
by: Antunes, Mário
Published in: (2021)
Assessing cybersecurity hygiene and cyber threats awareness in the campus: A case study of higher education institutions in Portugal and Poland
by: Oliveira, Luís
Published in: (2023)
Awareness of secure coding guidelines in the industry - A first data analysis
by: Gasiba, T. E.
Published in: (2020)
Segurança cibernética no setor bancário: análise da regulamentação e práticas de proteção contra o cibercrime
by: Gottschefsky, Adele Gomes
Published in: (2023)
Cybersecurity in Smart Railways: Challenges and Pathways
by: Fernandes, Tiago Filipe Tavares
Published in: (2023)
Evaluating cybersecurity attitudes and behaviors in Portuguese healthcare institutions
by: Nunes, Paulo
Published in: (2021)
Assessing and strengthening cybersecurity maturity : a NIST-based index approach
by: Bernardo, Luís António
Published in: (2024)
BIBLIOMETRIC ANALYSIS ON CYBERSPACE SECURITY - NIS DIRECTIVES
by: Cláudia, Borgguen
Published in: (2023)
An analysis on the implementation of secure web-related protocols in Portuguese city councils
by: Barreto, Jackson
Published in: (2023)
An analysis on the Implementation of Secure Web-related Protocols in Portuguese City Councils
by: Júnior, Jackson Barreto Costa
Published in: (2023)
Global perspectives on cybersecurity education
by: Parrish, Allen
Published in: (2018)
You are doing it wrong: On vulnerabilities in low code development platforms
by: Lourenço, M.
Published in: (2023)
Why Should I? Cybersecurity, the Security of the State and the Insecurity of the Citizen
by: Coles-Kemp, Lizzie
Published in: (2018)
Enhancing cybersecurity education for the healthcare sector: Fostering interdisciplinary ManagiDiTH approach
by: Rajamäki, J.
Published in: (2024)
The use of gamification on cybersecurity awareness of healthcare professionals
by: Carreiro, Ana
Published in: (2024)