Search icon
ReadWrite
see notifications
Notifications
see more
    paint-brush
    Generate and Pray: Using SALLMS to Evaluate the Security: Limitations and Threats to the Validityby@textmodels

    Generate and Pray: Using SALLMS to Evaluate the Security: Limitations and Threats to the Validity

    by Writings, Papers and Blogs on Text ModelsFebruary 9th, 2024
    Read on Terminal Reader
    Read this story w/o Javascript
    tldt arrow

    Too Long; Didn't Read

    Although LLMs can help developers to be more productive, prior empirical studies have shown that LLMs can generate insecure code.
    featured image - Generate and Pray: Using SALLMS to Evaluate the Security: Limitations and Threats to the Validity
    Writings, Papers and Blogs on Text Models HackerNoon profile picture

    This paper is available on arxiv under CC 4.0 license.

    Authors:

    (1) Mohammed Latif Siddiq, Department of Computer Science and Engineering, University of Notre Dame, Notre Dame;

    (2) Joanna C. S. Santos, Department of Computer Science and Engineering, University of Notre Dame, Notre Dame.

    Table of Links

    6 Limitations and Threats to the Validity

    SALLM’s dataset contains only Python prompts, which is a generalizability threat to this work. However, Python is not only a popular language among developers [1] but also a language that tends to be the one chosen for evaluation as HumanEval [10] is a dataset of Python-only prompts. Our future plan is to extend our framework to other programming languages, e.g., Java, C, etc..


    A threat to the internal validity of this work is the fact that the prompts were manually created from examples obtained from several sources (e.g., CWE list). However, these prompts were created by two of the authors, one with over 10 years of programming experience, and the other with over 3 years of programming experience. To mitigate this threat, we also conducted a peer review of the prompts to ensure their quality and clarity.


    We used GitHub’s CodeQL [26] as a static analysis to measure the vulnerability of code samples. As this is a static analyzer, one threat to our work is that it can suffer from imprecision. However, it is important to highlight that our framework evaluates code samples from two perspectives:




    static-based and dynamic-based (via tests). These approaches are complementary and help mitigate this threat.

    Stellar
    L O A D I N G
    . . . comments & more!

    About Author

    Writings, Papers and Blogs on Text Models HackerNoon profile picture
    Writings, Papers and Blogs on Text Models@textmodels
    We publish the best academic papers on rule-based techniques, LLMs, & the generation of text that resembles human text.
    Read my storiesSMALL LANGUAGE MODEL (BABY ONESIE)

    TOPICS

    purcat-imgmachine-learning #ai-generated-code #sallms-code-review #ai-code-accuracy #llm-generated-code #security-of-ai-code #ai-code-vulnerabilities #ai-research-papers #ml-research-papers

    THIS ARTICLE WAS FEATURED IN...

    Permanent on Arweave
    Read on Terminal Reader Terminal
    Read this story w/o Javascript Lite

    RELATED STORIES

    Article Thumbnail
    Gemini - A Family of Highly Capable Multimodal Models: Abstract and Introduction
    by textmodels
    Dec 24, 2023
    #gemini
    Article Thumbnail
    Generate and Pray: Using SALLMS to Evaluate the Security of LLM Generated Code: Abstract & Intro
    by textmodels
    Feb 09, 2024
    #ai-generated-code
    Article Thumbnail
    Generate and Pray: Using SALLMS to Evaluate the Security of LLM: Background & Motivation
    by textmodels
    Feb 09, 2024
    #ai-generated-code
    Article Thumbnail
    Generate and Pray: Using SALLMS to Evaluate the Security of LLM Generated Code: Our Framework: SALLM
    by textmodels
    Feb 09, 2024
    #ai-generated-code
    Article Thumbnail
    Generate and Pray: Using SALLMS to Evaluate the Security of LLM Generated Code: Experiments
    by textmodels
    Feb 09, 2024
    #ai-generated-code
    Join HackerNoonloading
    Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas